Specifications

ManualsBrandsCisco ManualsComputer equipmentAironet 1040 Series

Americas Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Cisco IOS Command Reference for

Cisco Aironet Access Points and Bridges

Cisco IOS Release 12.4(25d)JA and 12.3(8)JEE

December 2010

Text Part Number: OL-24115-01

Summary of content (338 pages)

PAGE 1
Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges Cisco IOS Release 12.4(25d)JA and 12.3(8)JEE December 2010 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.
PAGE 2
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
PAGE 3
CONTENTS Preface v Using the Command-Line Interface Type of Memory 1-1 1-1 CLI Command Modes 1-1 User EXEC Mode 1-2 Privileged EXEC Mode 1-2 Global Configuration Mode 1-3 Interface Configuration Mode 1-3 Cisco IOS Commands for Access Points and Bridges 2-1 List of Supported Cisco IOS Commands A-1 Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges 0L-24115-01 iii
PAGE 4
Contents Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges iv 0L-24115-01
PAGE 5
Preface Audience This guide is for the networking professional using the Cisco IOS command-line interface (CLI) to manage Cisco Aironet access points and bridges that run Cisco IOS software. Before using this guide, you should have experience working with Cisco IOS commands and access point and bridge software features.You also need to be familiar with the concepts and terminology of Ethernet and local area networking. Purpose This guide provides information about new and revised Cisco IOS commands.
PAGE 6
Preface Conventions This publication uses these conventions to convey instructions and information: Command descriptions use these conventions: • Commands and keywords are in boldface text. • Arguments for which you supply values are in italic. • Square brackets ([ ]) means optional elements. • Braces ({ }) group required choices, and vertical bars ( | ) separate the alternative elements. • Braces and vertical bars within square brackets ([{ | }]) mean a required choice within an optional element.
PAGE 7
Preface Obtaining Documentation, Obtaining Support, and Security Guidelines For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.
PAGE 8
Preface Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges viii 0L-24115-01
PAGE 9
C H A P T E R 1 Using the Command-Line Interface This chapter describes how to use the Cisco IOS command-line interface (CLI) for configuring software features on your access point or bridge. For a complete description of the new and revised Cisco IOS commands supported by access points and bridges, see Appendix A, “List of Supported Cisco IOS Commands.” For more information on Cisco IOS commands, refer to the Cisco IOS Release 12.3 Command Summary.
PAGE 10
Chapter 1 Using the Command-Line Interface CLI Command Modes Table 1-1 Command Modes Summary Command Mode Access Method Prompt Exit User EXEC This is the first level of access. AP> Enter the logout command. Change terminal settings, perform basic tasks, and list system information. Privileged EXEC From user EXEC mode, enter the AP# enable command. To exit to user EXEC mode, enter the disable command. Global configuration From privileged EXEC mode, enter the configure command.
PAGE 11
Chapter 1 Using the Command-Line Interface CLI Command Modes The supported commands can vary depending on the version of Cisco IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt. AP# ? To return to user EXEC mode, enter the disable privileged EXEC command. Global Configuration Mode Global configuration commands apply to features that affect the device as a whole. Use the configure privileged EXEC command to enter global configuration mode.
PAGE 12
Chapter 1 Using the Command-Line Interface CLI Command Modes Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges 1-4 0L-24115-01
PAGE 13
C H A P T E R 2 Cisco IOS Commands for Access Points and Bridges This chapter lists and describes Cisco IOS commands in Cisco IOS Release 12.3(8)JA that you use to configure and manage your access point, bridge, and wireless LAN. The commands are listed alphabetically. Refer to Appendix A, “List of Supported Cisco IOS Commands,” for a complete list of Cisco IOS commands supported by access points and bridges.
PAGE 14
Chapter 2 Cisco IOS Commands for Access Points and Bridges aaa authentication login default local cache aaa authentication login default local cache To set a local login cache for authentication, authorization, and accounting (AAA) authentication, use the aaa authentication login default local cache command in global configuration mode.
PAGE 15
Chapter 2 Cisco IOS Commands for Access Points and Bridges aaa authorization exec default local cache aaa authorization exec default local cache To set a local cache for AAA exec authorization, use the aaa authorization exec default local cache command in global configuration mode.
PAGE 16
Chapter 2 Cisco IOS Commands for Access Points and Bridges aaa cache profile aaa cache profile To set storage rules for the AAA cache, use the aaa cache profile command in global configuration mode. To disable the AAA cache profile, use the no form of this command: [no] aaa cache profile name [no] profile exact match [no-auth] [no] regexp match expression [any | only] [no-auth] [no] all [no-auth] Syntax Description name Character string used to name the AAA cache profile.
PAGE 17
Chapter 2 Cisco IOS Commands for Access Points and Bridges aaa cache profile Related Commands Command Description aaa authentication login default local cache Sets local cache for AAA authentication login aaa authentication login default local cache Sets local cache for AAA authentication login aaa group server Sets the AAA group server name cache authentication profile Sets the cache authentication profile name cache authorization profile Sets the cache authorization profile name cache expir
PAGE 18
Chapter 2 Cisco IOS Commands for Access Points and Bridges aaa pod server aaa pod server To enable inbound user sessions to be disconnected when specific session attributes are presented, use the aaa pod server global configuration command. To disable this feature, use the no form of this command. Packet of Disconnect (POD) consists of a method of terminating a session that has already been connected.
PAGE 19
Chapter 2 Cisco IOS Commands for Access Points and Bridges aaa pod server Command Modes Global configuration Command History Release Modification 12.1(3)T This command was introduced. 12.3(8)JA The clients and ignore keywords were added. Usage Guidelines Related Commands For a session to be disconnected, the values in one or more of the key fields in the POD request must match the values for a session on one of the network access server ports.
PAGE 20
Chapter 2 Cisco IOS Commands for Access Points and Bridges accounting (SSID configuration mode) accounting (SSID configuration mode) Use the accounting SSID configuration mode command to enable RADIUS accounting for the radio interface (for the specified SSID). Use the no form of the command to disable accounting. [no] accounting list-name Syntax Description list-name Defaults This command has no defaults. Command Modes SSID configuration interface Command History Release Modification 12.
PAGE 21
Chapter 2 Cisco IOS Commands for Access Points and Bridges admission-control (QOS Class interface configuration mode) admission-control (QOS Class interface configuration mode) Use the admission-control QOS Class interface configuration mode command to require call admission control (CAC) traffic for a radio interface. Use the no form of the command to remove the setting. [no] admission-control Note This command is not supported on c1200 and c1100 platforms.
PAGE 22
Chapter 2 Cisco IOS Commands for Access Points and Bridges admission-control (QOS Class interface configuration mode) Command Description fixed-slot (QOS Class interface configuration mode) Specifies the CAC fixed fallback slot time for the radio interface. transmit-op (QOS Class interface configuration mode) Specifies the CAC transmit opportunity time for the radio interface.
PAGE 23
Chapter 2 Cisco IOS Commands for Access Points and Bridges admit-traffic (SSID configuration mode) admit-traffic (SSID configuration mode) Use the admit-traffic SSID configuration mode command to enable or disable call admission control (CAC) traffic for an SSID. Use the no form of the command to disable all CAC traffic for the SSID. [no] admit-traffic Note This command is not supported when operating in repeater mode. Syntax Description This command has no arguments or keywords.
PAGE 24
Chapter 2 Cisco IOS Commands for Access Points and Bridges admit-traffic (QOS Class interface configuration mode) admit-traffic (QOS Class interface configuration mode) Use the admit-traffic QOS Class interface configuration mode command to enable CAC traffic for a radio interface. Use the no form of the command to disable all CAC traffic for the access point.
PAGE 25
Chapter 2 Cisco IOS Commands for Access Points and Bridges anonymous-id (dot1x credentials configuration mode) Command Description traffic-stream Configures CAC traffic data rates and priorities for a radio interface on the access point. debug cac Provides CAC admission control debugging information for on the access point.
PAGE 26
Chapter 2 Cisco IOS Commands for Access Points and Bridges antenna antenna Use the antenna configuration interface command to configure the radio receive or transmit antenna settings. Use the no form of this command to reset the receive antenna to defaults. [no] antenna {gain gain | {receive | transmit {diversity | left | middle | right}}} Syntax Description gain gain Specifies the resultant gain of the antenna attached to the device. Enter a value from –128 to 128 dB.
PAGE 27
Chapter 2 Cisco IOS Commands for Access Points and Bridges ampdu Related Commands Command Description power local Configures the radio power level show running-config Displays the current access point operating configuration ampdu Use the ampdu command to allow or disallow the use of 802.11n AMPDU aggregation for a particular class of service.
PAGE 28
Chapter 2 Cisco IOS Commands for Access Points and Bridges authentication (local server configuration mode) AP(config-if)# no ampdu authentication (local server configuration mode) Use the authentication local server configuration command to specify the authentication types that are allowed on the local authenticator. By default, a local authenticator access point performs LEAP, EAP-FAST, and MAC-based authentication for up to 50 client devices.
PAGE 29
Chapter 2 Cisco IOS Commands for Access Points and Bridges authentication client Related Commands Command Description group (local server configuration mode) Creates a user group on the local authenticator and enters user group configuration mode nas (local server configuration mode) Adds an access point to the list of NAS access points on the local authenticator radius-server local Enables the access point as a local authenticator and enters local server configuration mode show running-config D
PAGE 30
Chapter 2 Cisco IOS Commands for Access Points and Bridges authentication key-management authentication key-management Use the authentication key-management SSID configuration mode command to configure the radio interface (for the specified SSID) to support authenticated key management. Cisco Centralized Key Management (CCKM) and Wi-Fi Protected Access (WPA) are the key management types supported on the access point.
PAGE 31
Chapter 2 Cisco IOS Commands for Access Points and Bridges authentication network-eap (SSID configuration mode) • Examples To enable both WPA and CCKM, you must set the encryption mode to a cipher suite that includes TKIP.
PAGE 32
Chapter 2 Cisco IOS Commands for Access Points and Bridges authentication open (SSID configuration mode) Usage Guidelines Note Examples Use this command to authenticate clients using the network EAP method, with optional MAC address screening. You define list names for MAC addresses and EAP using the aaa authentication login command. These lists define the authentication methods activated when a user logs in and indirectly identify the location where the authentication information is stored.
PAGE 33
Chapter 2 Cisco IOS Commands for Access Points and Bridges authentication shared (SSID configuration mode) Defaults This command has no defaults. Command Modes SSID configuration interface Command History Release Modification 12.2(4)JA This command was introduced. Usage Guidelines Use this command to authenticate clients using the open method, with optional MAC address or EAP screenings. If you use the alternate keyword, the client must pass either MAC address or EAP authentication.
PAGE 34
Chapter 2 Cisco IOS Commands for Access Points and Bridges beacon Syntax Description mac-address list-name Specifies the list name for MAC authentication eap list-name Specifies the list name for EAP authentication Defaults This command has no defaults. Command Modes SSID configuration interface Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 35
Chapter 2 Cisco IOS Commands for Access Points and Bridges beacon Syntax Description period Kms Specifies the beacon time in Kilomicroseconds (Kms). Kms is a unit of measurement in software terms. K = 1024, m = 10-6, and s = seconds, so Kms = 0.001024 seconds, 1.024 milliseconds, or 1024 microseconds. dtim-period count Specifies the number of DTIM beacon periods to wait before delivering multicast packets. Note Defaults The dtim-period option is not supported on bridges. The default period is 100.
PAGE 36
Chapter 2 Cisco IOS Commands for Access Points and Bridges beacon privacy guest-mode beacon privacy guest-mode This command must be configured if you wish the beacon frames to use the privacy settings of the guest-mode SSID. If there is no guest-mode SSID configured, the command has no effect. If there is a guest-mode SSID and the command is configured, the privacy bit present in the beacon frames are set to ON/OFF according to how the security (encryption) settings of the guest-mode SSID are configured.
PAGE 37
Chapter 2 Cisco IOS Commands for Access Points and Bridges boot buffersize beacon privacy guest-mode bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled end boot buffersize To modify the buffer size used to load configuration files, use the boot buffersize global configuration command. Use the no form of the command to return to the default setting.
PAGE 38
Chapter 2 Cisco IOS Commands for Access Points and Bridges boot ios-break Syntax Description This command has no arguments or keywords. Defaults This command is disabled by default. Command Modes Global configuration Command History Release Modification 12.3(2)JA This command was introduced.
PAGE 39
Chapter 2 Cisco IOS Commands for Access Points and Bridges boot mode-button boot mode-button Use the boot mode-button global configuration command to enable or disable the operation of the mode button on access points with a console port. This command can be used to prevent password recovery and to prevent unauthorized users from gaining access to the access point CLI. Use the no form of the command to disable the access point mode button.
PAGE 40
Chapter 2 Cisco IOS Commands for Access Points and Bridges boot upgrade boot upgrade Use the boot upgrade global interface command to configure access points and bridges to automatically load a configuration and use DHCP options to upgrade system software. When your access point renews its IP address with a DHCP request, it uses the details configured on the DHCP server to download a specified configuration file from a TFTP server.
PAGE 41
Chapter 2 Cisco IOS Commands for Access Points and Bridges bridge aging-time bridge aging-time Use the bridge aging-time global configuration command to configure the length of time that a dynamic entry can remain in the bridge table from the time the entry is created or last updated. bridge group aging-time seconds Note Syntax Description This command is supported only on bridges.
PAGE 42
Chapter 2 Cisco IOS Commands for Access Points and Bridges bridge forward-time bridge forward-time Use the bridge forward-time global configuration command to configure the forward delay interval on the bridge. bridge group aging-time seconds Note Syntax Description This command is supported only on bridges. group Specifies the bridge group seconds Specifies the forward time in seconds Defaults The default forward time is 30 seconds.
PAGE 43
Chapter 2 Cisco IOS Commands for Access Points and Bridges bridge hello-time bridge hello-time Use the bridge hello-time global configuration command to configure the interval between hello bridge protocol data units (BPDUs). bridge group hello-time seconds Note Syntax Description This command is supported only on bridges. group Specifies the bridge group seconds Specifies the hello interval in seconds Defaults The default hello time is 2 seconds.
PAGE 44
Chapter 2 Cisco IOS Commands for Access Points and Bridges bridge max-age bridge max-age Use the bridge max-age global configuration command to configure the interval that the bridge waits to hear BPDUs from the spanning tree root. If the bridge does not hear BPDUs from the spanning tree root within this specified interval, it assumes that the network has changed and recomputes the spanning-tree topology. bridge group max-age seconds Note Syntax Description This command is supported only on bridges.
PAGE 45
Chapter 2 Cisco IOS Commands for Access Points and Bridges bridge priority bridge priority Use the bridge priority global configuration command to configure the spanning tree priority for the bridge. STP uses the bridge priority to select the spanning tree root. The lower the priority, the more likely it is that the bridge will become the spanning tree root. The radio and Ethernet interfaces and the native VLAN on the bridge are assigned to bridge group 1 by default.
PAGE 46
Chapter 2 Cisco IOS Commands for Access Points and Bridges bridge protocol ieee bridge protocol ieee Use the bridge number protocol ieee global configuration command to enable Spanning Tree Protocol (STP) on the bridge. STP is enabled for all interfaces assigned to the bridge group that you specify in the command. The radio and Ethernet interfaces and the native VLAN on the bridge are assigned to bridge group 1 by default.
PAGE 47
Chapter 2 Cisco IOS Commands for Access Points and Bridges bridge-group block-unknown-source bridge-group block-unknown-source Use the bridge-group block-unknown-source configuration interface command to block traffic from unknown MAC addresses on a specific interface. Use the no form of the command to disable unknown source blocking on a specific interface. For STP to function properly, block-unknown-source must be disabled for interfaces participating in STP.
PAGE 48
Chapter 2 Cisco IOS Commands for Access Points and Bridges bridge-group path-cost bridge-group path-cost Use the bridge-group path-cost configuration interface command to configure the path cost for the bridge Ethernet and radio interfaces. Spanning Tree Protocol (STP) uses the path cost to calculate the shortest distance from the bridge to the spanning tree root. bridge-group group path-cost cost Note Syntax Description This command is supported only on bridges.
PAGE 49
Chapter 2 Cisco IOS Commands for Access Points and Bridges bridge-group port-protected bridge-group port-protected Use the bridge-group port-protected configuration interface command to enable protected port for public secure mode configuration. In Cisco IOS software, there is no exchange of unicast, broadcast, or multicast traffic between protected ports. bridge-group bridge-group port-protected Syntax Description bridge-group Defaults This command has no defaults.
PAGE 50
Chapter 2 Cisco IOS Commands for Access Points and Bridges bridge-group priority bridge-group priority Use the bridge-group priority configuration interface command to configure the spanning tree priority for the bridge Ethernet and radio interfaces. Spanning Tree Protocol (STP) uses the interface priority to select the root interface on the bridge. The radio and Ethernet interfaces and the native VLAN on the bridge are assigned to bridge group 1 by default.
PAGE 51
Chapter 2 Cisco IOS Commands for Access Points and Bridges bridge-group spanning-disabled bridge-group spanning-disabled Use the bridge-group spanning-disabled configuration interface command to disable Spanning Tree Protocol (STP) on a specific interface. Use the no form of the command to enable STP on a specific interface. For STP to function properly, spanning-disabled must be disabled for interfaces participating in STP.
PAGE 52
Chapter 2 Cisco IOS Commands for Access Points and Bridges bridge-group subscriber-loop-control bridge-group subscriber-loop-control Use the bridge-group subscriber-loop-control configuration interface command to enable loop control on virtual circuits associated with a bridge group. Use the no form of the command to disable loop control on virtual circuits associated with a bridge group.
PAGE 53
Chapter 2 Cisco IOS Commands for Access Points and Bridges bridge-group unicast-flooding bridge-group unicast-flooding Use the bridge-group unicast-flooding configuration interface command to enable unicast flooding for a specific interface. Use the no form of the command to disable unicast flooding for a specific interface. bridge-group group unicast-flooding Syntax Description group Defaults Unicast flooding is disabled by default.
PAGE 54
Chapter 2 Cisco IOS Commands for Access Points and Bridges broadcast-key broadcast-key Use the broadcast-key configuration interface command to configure the time interval between rotations of the broadcast encryption key used for clients. Use the no form of the command to disable broadcast key rotation. [no] broadcast-key [vlan vlan-id] [change secs] [ membership-termination ] [ capability-change ] Note Client devices using static WEP cannot use the access point when you enable broadcast key rotation.
PAGE 55
Chapter 2 Cisco IOS Commands for Access Points and Bridges cache authentication profile Examples This example shows how to configure vlan10 to support broadcast key encryption with a 5-minute key rotation interval: AP(config-if)# broadcast-key vlan 10 change 300 This example shows how to disable broadcast key rotation: AP(config-if)# no broadcast-key cache authentication profile Use the cache authentication profile server configuration command to configure the cache authentication profile.
PAGE 56
Chapter 2 Cisco IOS Commands for Access Points and Bridges cache authorization profile Related Commands Command Description aaa authentication login default local cache Sets local cache for AAA authentication login. aaa authorization exec default local cache Sets local cache for the AAA authorization exec mode. aaa cache profile Sets the AAA cache profile name. cache authorization profile Sets the cache authorization profile name.
PAGE 57
Chapter 2 Cisco IOS Commands for Access Points and Bridges cache expiry Related Commands Command Description aaa authentication login default local cache Sets local cache for AAA authentication login. aaa authorization exec default local cache Sets local cache for the AAA authorization exec mode. aaa cache profile Sets the AAA cache profile name. cache authentication profile Sets the cache authentication profile name. cache expiry Sets the expiration time for the server group cache.
PAGE 58
Chapter 2 Cisco IOS Commands for Access Points and Bridges cca Related Commands Command Description aaa authentication login default local cache Sets local cache for AAA authentication login. aaa authorization exec default local cache Sets local cache for the AAA authorization exec mode. aaa cache profile Sets the AAA cache profile name. cache authentication profile Sets the cache authentication profile name. cache authorization profile Sets the cache authorization profile name.
PAGE 59
Chapter 2 Cisco IOS Commands for Access Points and Bridges channel channel Use the channel configuration interface command to set the radio channel frequency and the 802.11n radio channel width. Use the no form of this command to reset the channel frequency to defaults. [no] channel {number | frequency | least-congested | width [20] [40-above] [40-below] | dfs} 802.11n allows both 20-MHz and 40-Mhz channel widths consisting of 2 contiguous non-overlapping channels (for example, 2.
PAGE 60
Chapter 2 Cisco IOS Commands for Access Points and Bridges channel Table 2-1 Channel Identifier Frequency (MHz) Channel Identifier Frequency (MHz) 1 2412 8 2447 2 2417 9 2452 3 2422 10 2457 4 2427 11 2462 5 2432 12 2467 6 2437 13 2472 7 2442 14 2484 Table 2-2 Channels and Center Frequencies for Access Point 5-GHz Radios Channel Identifier Frequency (MHz) Channel Identifier Frequency (MHz) Channel Identifier Frequency (MHz) 34 5170 100 5500 149 5745 36 5180
PAGE 61
Chapter 2 Cisco IOS Commands for Access Points and Bridges channel-match (LBS configuration mode) Command Modes Configuration interface Command History Release Modification 12.2(4)JA This command was introduced. 12.2(8)JA Parameters were added to support the 5-GHz access point radio. 12.2(11)JA Parameters were added to support the 5-GHz bridge radio. 12.4(10b)JA The width option was added to support 2.4-GHz and 5-GHz 802.11n radios.
PAGE 62
Chapter 2 Cisco IOS Commands for Access Points and Bridges class-map Related Commands Command Description dot11 lbs Creates an LBS profile and enters LBS configuration mode interface dot11 (LBS configuration mode) Enables an LBS profile on a radio interface method (LBS configuration mode) Specifies the location method used in an LBS profile multicast address (LBS configuration mode) Specifies the multicast address that LBS tag devices use when they send LBS packets packet-type (LBS configurati
PAGE 63
Chapter 2 Cisco IOS Commands for Access Points and Bridges class-map • description: describes the class map (up to 200 characters). The show class-map privileged EXEC command displays the description and the name of the class-map. • exit: exits from QoS class-map configuration mode. • match: configures classification criteria. For more information, see the match (class-map configuration) command. • no: removes a match statement from a class map. • rename: renames the current class map.
PAGE 64
Chapter 2 Cisco IOS Commands for Access Points and Bridges clear dot11 aaa authentication mac-authen filter-cache clear dot11 aaa authentication mac-authen filter-cache Use the clear dot11 aaa authentication mac-authen filter-cache privileged EXEC command to clear entries from the MAC authentication cache. clear dot11 aaa authentication mac-authen filter-cache [address] Syntax Description address Defaults This command has no defaults.
PAGE 65
Chapter 2 Cisco IOS Commands for Access Points and Bridges clear dot11 cckm-statistics clear dot11 cckm-statistics Use the clear dot11 cckm-statistics privileged EXEC command to reset CCKM statistics. clear dot11 cckm-statistics Syntax Description This command has no arguments or keywords. Defaults This command has no default setting. Command Modes Privileged EXEC Command History Release Modification 12.2(15)JA This command was introduced.
PAGE 66
Chapter 2 Cisco IOS Commands for Access Points and Bridges clear dot11 client clear dot11 client Use the clear dot11 client privileged EXEC command to deauthenticate a radio client with a specified MAC address. The client must be directly associated with the access point, not a repeater. clear dot11 client {mac-address} Syntax Description mac-address Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 67
Chapter 2 Cisco IOS Commands for Access Points and Bridges clear dot11 hold-list clear dot11 hold-list Use the clear dot11 hold-list privileged EXEC command to reset the MAC, LEAP, and EAP authentications hold list. clear dot11 hold-list Syntax Description This command has no arguments or keywords. Defaults This command has no default setting. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 68
Chapter 2 Cisco IOS Commands for Access Points and Bridges clear dot11 statistics clear dot11 statistics Use the clear dot11 statistics privileged EXEC command to reset statistic information for a specific radio interface or for a particular client with a specified MAC address. clear dot11 statistics {interface | mac-address} Syntax Description interface Specifies a radio interface number mac-address Specifies a client MAC address (in xxxx.xxxx.
PAGE 69
Chapter 2 Cisco IOS Commands for Access Points and Bridges clear dot11 ids mfp client statistics clear dot11 ids mfp client statistics Use the clear dot11 ids mfp client statistics privileged EXEC command to clear MFP-2 statistics on the access point console. clear dot11 ids mfp client statistics Defaults This command has no default setting. Command Modes Privileged EXEC Command History Release Modification 12.5(3g)JA & 12.3(8)JEB This command was introduced.
PAGE 70
Chapter 2 Cisco IOS Commands for Access Points and Bridges clear eap sessions clear eap sessions Command Description show dot11 statistics client-traffic Displays client traffic statistics show interfaces dot11radio Displays radio interface information show interfaces dot11radio statistics Displays radio interface statistics Use the clear eap sessions privileged EXEC command to clear the EAP session information on the access point.
PAGE 71
Chapter 2 Cisco IOS Commands for Access Points and Bridges clear eap sessions Related Commands Command Description show eap sessions Displays all the EAP session information on the access point.
PAGE 72
Chapter 2 Cisco IOS Commands for Access Points and Bridges clear iapp rogue-ap-list clear iapp rogue-ap-list Use the clear iapp rogue-ap-list privileged EXEC command to clear the list of IAPP rogue access points. clear iapp rogue-ap-list Note This command is not supported on bridges. Syntax Description This command has no arguments or keywords. Defaults This command has no default setting. Command Modes Privileged EXEC Command History Release Modification 12.
PAGE 73
Chapter 2 Cisco IOS Commands for Access Points and Bridges clear iapp statistics clear iapp statistics Use the clear iapp statistics privileged EXEC command to clear all the IAPP statistics. clear iapp statistics Syntax Description This command has no arguments or keywords. Defaults This command has no default setting. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 74
Chapter 2 Cisco IOS Commands for Access Points and Bridges clear ip igmp snooping membership clear ip igmp snooping membership Use the clear ip igmp snooping membership privileged EXEC command to reset IGMP host membership information on the access point. clear ip igmp snooping membership [vlan vlan id ] Syntax Description vlan vlan id Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.3(8)JA This command was introduced.
PAGE 75
Chapter 2 Cisco IOS Commands for Access Points and Bridges clear wlccp wds clear wlccp wds Use the clear wlccp wds privileged EXEC command to clear WDS statistics and to remove devices from the WDS database. clear wlccp wds {[ap [mac-address]] | [mn [mac-address]] | statistics | aaa authentication mac-authen filter-cache [mac-address]} Syntax Description ap [mac-address] Removes access points from the WDS database. If you specify a MAC address (in the hhhh.hhhh.
PAGE 76
Chapter 2 Cisco IOS Commands for Access Points and Bridges clear wlccp wds recovery statistics clear wlccp wds recovery statistics Use the clear wlccp wds recovery statistics privileged EXEC command to clear WDS recovery statistics. clear wlccp wds recovery statistics Syntax Description This command has no arguments of keywords. Defaults This command has no default setting. Command Modes Privileged EXEC Command History Release Modification 12.3(8)JA This command was introduced.
PAGE 77
Chapter 2 Cisco IOS Commands for Access Points and Bridges concatenation concatenation Use the concatenation configuration interface command to enable packet concatenation on the bridge radio. Using concatenation, the bridge combines multiple packets into one packet to reduce packet overhead and overall latency, and to increase transmission efficiency. concatenation [ bytes ] Note This command is supported only on bridges.
PAGE 78
Chapter 2 Cisco IOS Commands for Access Points and Bridges countermeasure tkip hold-time countermeasure tkip hold-time Use the countermeasure tkip hold-time configuration interface command to configure a TKIP MIC failure holdtime. If the access point detects two MIC failures within 60 seconds, it blocks all the TKIP clients on that interface for the holdtime period.
PAGE 79
Chapter 2 Cisco IOS Commands for Access Points and Bridges cw-max (QOS Class interface configuration mode) cw-max (QOS Class interface configuration mode) Use the cw-max QOS Class interface configuration mode command to configure the CAC 802.11 maximum contention window size for a radio interface. Use the no form of the command to remove the setting.
PAGE 80
Chapter 2 Cisco IOS Commands for Access Points and Bridges cw-max (QOS Class interface configuration mode) This example shows how to remove the CAC 802.11 maximum contention window for the radio interface: AP(config-if-qosclass)# no cw-max Related Commands Command Description admission-control (QOS Class interface configuration mode) Specifies that CAC admission control is required for the radio interface.
PAGE 81
Chapter 2 Cisco IOS Commands for Access Points and Bridges cw-min (QOS Class interface configuration mode) cw-min (QOS Class interface configuration mode) Use the cw-min QOS Class interface configuration mode command to configure the CAC 802.11 minimum contention window size for a radio interface. Use the no form of the command to remove the setting.
PAGE 82
Chapter 2 Cisco IOS Commands for Access Points and Bridges cw-min (QOS Class interface configuration mode) This example shows how to remove the CAC 802.11 minimum contention window for the radio interface: AP(config-if-qosclass)# no cw-min Related Commands Command Description admission-control (QOS Class interface configuration mode) Specifies that CAC admission control is required for the radio interface.
PAGE 83
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug dot11 debug dot11 Use the debug dot11 privileged EXEC command to begin debugging of radio functions. Use the no form of this command to stop the debug operation.
PAGE 84
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug dot11 Command Description Displays all debug settings and the debug packet headers debugging show interfaces dot11radio Displays configuration and status information for the radio interface Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges 2-72 0L-24115-01
PAGE 85
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug dot11 aaa debug dot11 aaa Use the debug dot11 aaa privileged EXEC command to activate debugging of dot11 authentication, authorization, and accounting (AAA) operations. Use the no form of this command to stop the debug operation. [no] debug dot11 aaa {accounting | authenticator | dispatcher | manager } Syntax Description accounting Activates debugging of 802.
PAGE 86
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug dot11 cac Command History Examples Release Modification 12.2(4)JA This command was introduced. 12.2(15)JA This command was modified to include the accounting, authenticator, dispatcher, and manager debugging options.
PAGE 87
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug dot11 cac Examples This example shows how to begin debugging of all admission control radio-related events: AP# debug dot11 cac events This example shows how to begin verbose debugging of all admission control radio-related events: AP# debug dot11 cac unit This example shows how to stop debugging of all admission control radio-related events: AP# debug dot11 cac events This example shows how to stop verbose debugging of all admission con
PAGE 88
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug dot11 dot11radio debug dot11 dot11radio Use the debug dot11 dot11radio privileged EXEC command to turn on radio debug options. These options include run RF monitor mode and trace frames received or transmitted on the radio interface. Use the no form of this command to stop the debug operation.
PAGE 89
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug dot11 dot11radio Defaults Debugging is not enabled. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 90
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug dot11 ids debug dot11 ids Use the debug dot11 ids eap privileged EXEC command to enable debugging for wireless IDS monitoring. Use the no form of the command to disable IDS debugging. [no] debug dot11 ids {eap | cipher-errors} Note Syntax Description This command is not supported on 1400 series bridges.
PAGE 91
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug dot11 ids mfp debug dot11 ids mfp Use the debug dot11 ids mfp privileged EXEC command to debug Management Frame Protection (MFP) operations on the access point. [no] debug dot11 ids mfp ap {all |detector | events |generator | io} wds {all | detectors | events | generators | statistics}| wlccp Syntax Description ap Debugs MFP events on the access point. all Debugs all MFP events. detectors Debugs MFP detector key management events.
PAGE 92
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug eap debug eap To display information about Extensible Authentication Protocol (EAP), use the debug eap command in privileged EXEC mode. To disable debugging output, use the no form of this command. [no] debug eap {all | authenticator | errors | events | fast | gtc | leap | md5 | mschapv2 | packets | peer | sm | tls} Syntax Description all Turns on debugging for all EAP information.
PAGE 93
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug iapp debug iapp Use the debug iapp privileged EXEC command to begin debugging of IAPP operations. Use the no form of this command to stop the debug operation. [no] debug iapp {packets | event | error} Syntax Description packets Displays IAPP packets sent and received by the access point.
PAGE 94
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug radius local-server debug radius local-server Use the debug radius local-server privileged EXEC mode command to control the display of debug messages for the local authenticator.
PAGE 95
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug wlccp ap debug wlccp ap Use the debug wlccp ap privileged EXEC command to enable debugging for devices that interact with the access point that provides wireless domain services (WDS). debug wlccp ap {mn | rm [statistics | context | packet] | state | wds-discovery} Note Syntax Description This command is not supported on bridges.
PAGE 96
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug wlccp ap rm enhanced-neighbor-list debug wlccp ap rm enhanced-neighbor-list Use the debug wlccp ap rm enhanced-neighbor-list privileged EXEC command to enable internal debugging information and error messages of the Enhanced Neighbor List feature. Use the no form of the command to disable the debugging and error messages. [no] debug wlccp ap rm enhanced-neighbor-list Note This command is not supported on bridges.
PAGE 97
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug wlccp packet debug wlccp packet Use the debug wlccp packet privileged EXEC command to activate display of packets to and from the access point that provides wireless domain services (WDS). debug wlccp packet Note This command is not supported on bridges. Syntax Description This command has no arguments or keywords. Defaults Debugging is not enabled. Command Modes Privileged EXEC Command History Release Modification 12.
PAGE 98
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug wlccp rmlib debug wlccp rmlib Use the debug wlccp rmlib privileged EXEC command to activate display of radio management library functions on the access point that provides wireless domain services (WDS). debug wlccp rmlib Note This command is not supported on bridges. Syntax Description This command has no arguments or keywords. Defaults Debugging is not enabled.
PAGE 99
Chapter 2 Cisco IOS Commands for Access Points and Bridges debug wlccp wds debug wlccp wds Use the debug wlccp wds privileged EXEC command to activate display of wireless domain services (WDS) debug messages. debug wlccp wds aggregator [packet] authenticator {all | dispatcher | mac-authen | process | rxdata | state-machine | txdata} nm [packet | loopback] state statistics Note Syntax Description This command is not supported on bridges.
PAGE 100
Chapter 2 Cisco IOS Commands for Access Points and Bridges description (dot1x credentials configuration mode) Command History Examples Release Modification 12.2(11)JA This command was first introduced. 12.2(13)JA This command was modified to include the aggregator and nm options.
PAGE 101
Chapter 2 Cisco IOS Commands for Access Points and Bridges dfs band dfs band Use the dfs band configuration interface command to prevent the access point from automatically selecting specific groups of 5-GHz channels during dynamic frequency selection (DFS). Use the no form of the command to unblock groups of channels. [no] dfs band [1] [2] [3] [4] block Note Syntax Description This command is supported only on 5-GHz radios configured at the factory for use in the European Union and Signapore.
PAGE 102
Chapter 2 Cisco IOS Commands for Access Points and Bridges distance Usage Guidelines Some regulatory domains limit the 5-GHz channels that can be used in specific locations; for example, indoors or outdoors. Use the dfs band command to comply with the regulations in your regulatory domain.
PAGE 103
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 aaa authentication attributes service dot11 aaa authentication attributes service Use the dot11 aaa authentication attributes service global configuration command to set the service-type attribute in reauthentication requests. By default, the access point sends reauthentication requests to the authentication server with the service-type attribute set to authenticate-only.
PAGE 104
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 aaa authentication mac-authen filter-cache dot11 aaa authentication mac-authen filter-cache Use the dot11 aaa authentication mac-authen filter-cache global configuration command to enable MAC authentication caching on the access point. MAC authentication caching reduces overhead because the access point authenticates devices in its MAC-address cache without sending the request to your authentication server.
PAGE 105
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 aaa csid dot11 aaa csid Use the dot11 aaa csid global configuration command to select the format for MAC addresses in Called-Station-ID (CSID) and Calling-Station-ID attributes in RADIUS packets. dot11 aaa csid { default | ietf | unformatted } Syntax Description default Specifies the default format for MAC addresses in CSID attributes. The default format looks like this example: 0007.85b3.
PAGE 106
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 activity-timeout dot11 activity-timeout Use the dot11 activity-timeout global configuration command to configure the number of seconds that the access point tracks an inactive device (the number depends on its device class). The access point applies the unknown device class to all non-Cisco Aironet devices.
PAGE 107
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 adjacent-ap age-timeout Related Commands Command Description dot11 adjacent-ap age-timeout Specifies the number of hours an inactive entry remains in the list of adjacent access points show dot11 associations Display the radio association table, radio association statistics, or association information about wireless devices show dot11 network-map Displays the radio network map dot11 adjacent-ap age-timeout Use the dot11 adjacent-ap
PAGE 108
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 antenna-alignment dot11 antenna-alignment Use the dot11 antenna-alignment privileged EXEC command to activate the antenna-alignment tool for a radio interface. dot11[interface-number] antenna-alignment [timeout] Note Syntax Description Use this command to test and align the wireless antenna with another remote antenna. This command is available only to a wireless device configured as a repeater.
PAGE 109
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 arp-cache dot11 arp-cache Use the dot11 arp-cache global configuration command to enable client ARP caching on the access point. ARP caching on the access point reduces the traffic on your wireless LAN and increases client battery life by stopping ARP requests for client devices at the access point.
PAGE 110
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 association mac-list dot11 association mac-list To specify a MAC address access list used for dot11 association use the dot11 association mac-list command. dot11 association mac-list number Syntax Description number Defaults No MAC address access list is assigned. Examples This example shows the creation of a MAC address access list used to filter one client with a MAC address of 0000.1234.5678.
PAGE 111
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 auto-immune dot11 auto-immune Use the dot11 auto-immune command to enable or disable protection from Denial of Service (DoS) attacks. This feature protects against auto-immune attacks on the AP. dot11 auto-immune {enable | disable} Syntax Description enable Enables the auto-immune feature. disable Disables the auto-immune feature. Defaults This feature is disabled by default. Command History Release Modification 12.
PAGE 112
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 carrier busy dot11 carrier busy Use the dot11 carrier busy privileged exec command to display levels of radio activity on each channel. dot11 interface-number carrier busy Syntax Description interface-number Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.2(11)JA This command was introduced. Usage Guidelines Specifies the radio interface number (The 2.
PAGE 113
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 extension aironet dot11 extension aironet Use the dot11 extension aironet configuration interface command to enable or disable Cisco Aironet extensions to the IEEE 802.11b standard. Use the no form of this command to disable the Cisco Aironet extensions. [no] dot11 extension aironet Note You cannot disable Cisco Aironet extensions on bridges. Syntax Description This command has no arguments or keywords.
PAGE 114
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 extension power native dot11 extension power native Use the dot11 extension power native configuration interface command to configure the native MIB power table to be used to respond to SNMP queries on the access point power levels. This command works with the cd11IfPhyNativePowerUseStandard MIB object of the Cisco DOT11-IF-MIB. Use the no form of this command to use the standard MIB power table.
PAGE 115
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 holdoff-time dot11 holdoff-time Use the dot11 holdoff-time global configuration command to specify the hold-off time for EAP and MAC address authentication. The holdoff time is invoked when a client fails three login attempts or fails to respond to three authentication requests from the access point. Use the no form of the command to reset the parameter to defaults.
PAGE 116
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 ids eap attempts dot11 ids eap attempts Use the dot11 ids eap attempts global configuration command to configure the number of authentication attempts and the number of seconds of EAPOL flooding that trigger a fault on a scanner access point in monitor mode. Setting an authentication failure limit protects your network against a denial-of-service attack called EAPOL flooding. The 802.
PAGE 117
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 ids mfp dot11 ids mfp Use the dot11 ids mfp global configuration command to configure Management Frame Protection (MFP) parameters on the access point. Note To configure an MFP distributor, the access point must be configured as a WDS. [no] dot11 ids mfp {detector | distributor | generator} detector Enables the MFP detector on the access point. distributor Configures the MFP distributor on the access point.
PAGE 118
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 igmp snooping-helper dot11 igmp snooping-helper Use the dot11 igmp snooping-helper global configuration command to begin sending IGMP Query requests when a new client associates with the access point. Use the no form of this command to disable the IGMP Query requests. [no] dot11 igmp snooping-helper Syntax Description This command has no arguments or keywords. Defaults IGMP Query requests are disabled.
PAGE 119
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 lbs dot11 lbs Use the dot11 lbs global configuration command to create a location based services (LBS) profile and to enter LBS configuration mode. [no] dot11 lbs profile-name Syntax Description profile-name Defaults This command has no defaults. Command Modes Global configuration Command History Release Modification 12.3(4)JA This command was introduced.
PAGE 120
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 linktest dot11 linktest Use the dot11 linktest privileged EXEC command to test a radio link between the access point and a client device. dot11 interface-number linktest [target mac-address] [count packet-number] [interval sec] [packet-size size] [rate value] Syntax Description Defaults interface-number Specifies the radio interface number (The 2.4-GHz radio is radio 0, and the 5-GHz radio is radio 1.
PAGE 121
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 linktest Usage Guidelines Note The link test verifies the radio link between the access point and a client device by sending the client a series of special packets, which the client returns to the access point. Some client devices, such as non-Cisco wireless clients, wired clients that are connected to a workgroup bridge, or non-Cisco clients connected to a repeater access point, might not respond to link test packets.
PAGE 122
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 location isocc dot11 location isocc Use the dot11 location isocc global configuration command to configure location identifiers that the access point sends with all RADIUS authentication and accounting requests.
PAGE 123
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 mbssid dot11 mbssid Use the dot11 mbssid global configuration command to enable multiple basic SSIDs on all access point radio interfaces. [no] dot11 mbssid Note This command is supported only on access points that contain at least one radio interface that supports multiple basic SSIDs. To determine whether a radio supports multiple basic SSIDs, enter the show controllers radio_interface command.
PAGE 124
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 meter dot11 meter Use the dot11 meter privileged EXEC command to measure the performance of packet forwarding. To display the results, use the show dot11 statistics metered-traffic command. dot11 interface-number meter Syntax Description interface-number Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 125
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 network-map dot11 network-map Use the dot11 network-map global configuration command to enable the radio network map feature. When enabled, the access point broadcasts a IAPP GenInfo Request every collection interval. This request solicits information from all Cisco access points in the same Layer 2 domain. Upon receiving a GetInfo Request, the access point sends a unicast IAPP GenInfo Response back to the requester.
PAGE 126
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 phone Syntax Description dot11e Defaults This command has no defaults. Command Modes Global configuration Command History Release Modification 12.2(4)JA This command was introduced. 12.3(7)JA Parameter added for the standard (IEEE 802.11e draft 13) QBSS Load IE. Usage Guidelines Specifies the use of the standard QBSS Load Information Element (IE). Enabling IEEE 802.
PAGE 127
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 priority-map avvid dot11 priority-map avvid Use the dot11 priority-map avvid global configuration command to enable or disable Cisco AVVID (Architecture for Voice, Video and Integrated Data) priority mapping. AVVID priority mapping maps Ethernet packets tagged as class of service 5 to class of service 6. This feature enables the access point to apply the correct priority to voice packets for compatibility with Cisco AVVID networks.
PAGE 128
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 qos class dot11 qos class Use the dot11qos class interface configuration mode command to configure QOS class parameters for the radio interface. Use the no form of the command to disable the QOS parameters. [no] dot11 qos class {background | best-effort | video | voice} { [both] [cell] [local] } Note Syntax Description This command is not supported when operating in repeater mode.
PAGE 129
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 ssid Command Description traffic-stream Configures CAC traffic data rates and priorities on the access point. debug cac Provides debug information for CAC admission control on the access point. dot11 ssid Use the dot11 ssid global configuration command to create a global SSID. The SSID is inactive until you use the ssid configuration interface command to assign the SSID to a specific radio interface.
PAGE 130
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 update-group-key Related Commands Command Description show running-config ssid Displays configuration details for SSIDs created in global configuration mode ssid Creates an SSID in configuration interface mode or assigns a globally configured SSID to a specific radio interface dot11 update-group-key Use the dot11 update-group-key privileged EXEC command to trigger an update of the WPA group key.
PAGE 131
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 vlan-name dot11 vlan-name Use the dot11 vlan-name global configuration command to assign a name to a VLAN in addition to its numerical ID. dot11 vlan-name name vlan vlan-id Syntax Description name Specifies a name to assign to a VLAN ID. The name can contain up to 32 ASCII characters. vlan-id Specifies the VLAN ID to which the name is assigned. Defaults This command has no default setting.
PAGE 132
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 wpa handshake init-delay dot11 wpa handshake init-delay Use the dot11 wpa handshake init-delay configuration command to introduce a delay to start the four-way handshake in WPA PSK or dot1x. This command is applicable to an AP working in root or bridge mode. dot11 wpa handshake init-delay time Syntax Description time Defaults The default timeout is 0 ms. Command Modes Global configuration Command History Release Modification 12.
PAGE 133
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot11 wpa handshake timeout dot11 wpa handshake timeout Use the dot11 wpa handshake timeout configuration command to adjust the duration before timing out WPA key packet transmission. This timer value may need to be increased with WPA clients in PSP mode. dot11 wpa handshake timeout time Syntax Description time Defaults The default timeout is 100ms.
PAGE 134
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot1x eap profile (configuration interface mode) Usage Guidelines Use the dot1x credentials command to configure a dot1x credentials profile. Issuing dot1x credentials profile-name puts you in dot1x credentials configuration mode where you can specify profile parameters using these subcommands: Command Description anonymous-id Specifies an anonymous user identification name.
PAGE 135
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot1x eap profile (configuration interface mode) Usage Guidelines You must first configure an EAP profile before you can enable the profile on the fast Ethernet interface. To configure an EAP profile, use the eap profile configuration command. To enable a preconfigured EAP profile on the fast Ethernet interface, use the dot1x eap profile configuration interface command.
PAGE 136
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot1x eap profile (SSID configuration mode) dot1x eap profile (SSID configuration mode) Use the dot1x eap profile SSID configuration mode command to enable a preconfigured EAP profile for the SSID. Use the no form of this command to disable the EAP profile. [no] dot1x eap profile profile-name Syntax Description profile-name Defaults This command has no default setting.
PAGE 137
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot1x timeout reauth-period dot1x timeout reauth-period Use the dot1x timeout reauth-period configuration interface command to configure the dot1x client reauthentication period. The no form of the command disables reauthentication. [no] dot1x timeout reauth-period { | server} Syntax Description sec Specifies the number of seconds (1 to 65555 seconds). server Specifies reauthentication period is configured on the authentication server.
PAGE 138
Chapter 2 Cisco IOS Commands for Access Points and Bridges dot1x timeout supp-response dot1x timeout supp-response Use the dot1x timeout supp-response global configuration command to configure the time that an access point waits for the wireless client to reply to an EAP dot1x message. The no form of the command disables the timeout. [no] dot1x timeout supp-response time [local] Syntax Description time Specifies the timeout value (1 to 120 seconds).
PAGE 139
Chapter 2 Cisco IOS Commands for Access Points and Bridges duplex Defaults The default duplex setting is auto. Command Modes Interface configuration mode Command History Release Modification 12.2(4)JA This command was introduced. Usage Guidelines Cisco recommends that you use auto, the default setting, for both the speed and duplex settings on the Ethernet port.
PAGE 140
Chapter 2 Cisco IOS Commands for Access Points and Bridges eap profile eap profile Use the eap profile global configuration command to configure an EAP profile. Use the no form of this command to disable the EAP profile. [no] eap profile profile-name Note This command is not supported on c1200 and c1100 platforms. Syntax Description profile-name Defaults This command has no default setting. Command Modes Configuration interface Command History Release Modification 12.
PAGE 141
Chapter 2 Cisco IOS Commands for Access Points and Bridges eapfast authority eapfast authority Use the eapfast authority command to configure an EAP-FAST authority ID (AID) for a local authenticator access point. The EAP-FAST AID identifies the server that authenticates the EAP-FAST client. The local authenticator sends its AID to an authenticating client, and the client checks its database for a matching AID. If the client does not recognize the AID, it requests a new Protected Access Credential (PAC).
PAGE 142
Chapter 2 Cisco IOS Commands for Access Points and Bridges eapfast pac expiry eapfast pac expiry Use the eapfast pac expiry global configuration command to set the Protected Access Credential (PAC) expiration time and grace period for a group of EAP-FAST clients associated to a local authenticator access point. [no] eapfast pac expiry days [grace days] Syntax Description days Specifies the number of days that the PAC is valid for a group of EAP-FAST clients. Enter a number of days from 1 to 4095.
PAGE 143
Chapter 2 Cisco IOS Commands for Access Points and Bridges eapfast server-key eapfast server-key Use the eapfast server-key command to configure EAP-FAST server keys. The local authenticator uses server keys to encrypt Protected Access Credential (PAC) files that it generates and to decrypt PACs when it is authenticating clients. The server maintains two keys, a primary key and a secondary key, and uses the primary key to encrypt PACs.
PAGE 144
Chapter 2 Cisco IOS Commands for Access Points and Bridges encryption key encryption key Use the encryption key configuration interface command to define a WEP key used for data encryption on the wireless LAN or on a specific virtual LAN (VLAN). Use the no form of the command to remove a specific encryption key. Note You need to configure static WEP keys only if your access point supports client devices that use static WEP.
PAGE 145
Chapter 2 Cisco IOS Commands for Access Points and Bridges encryption key Command History Usage Guidelines Release Modification 12.2(4)JA This command was introduced. Using security features such as authenticated key management can limit WEP key configurations. Table 2-9 lists WEP key restrictions based on your security configuration.
PAGE 146
Chapter 2 Cisco IOS Commands for Access Points and Bridges encryption mode ciphers encryption mode ciphers Use the encryption mode ciphers configuration interface command to enable a cipher suite. Cipher suites are sets of encryption algorithms that, like WEP, protect radio communication on your wireless LAN. You must use a cipher suite to enable Wi-Fi Protected Access (WPA) or Cisco Centralized Key Management (CCKM).
PAGE 147
Chapter 2 Cisco IOS Commands for Access Points and Bridges encryption mode ciphers Command History Usage Guidelines Release Modification 12.2(4)JA This command was introduced. 12.2(15)JA This command was modified to include support for AES-CCMP. If you configure your access point to use WPA or CCKM authenticated key management, you must select a cipher suite compatible with the authenticated key management type. Table 2-10 lists the cipher suites that are compatible with WPA and CCKM.
PAGE 148
Chapter 2 Cisco IOS Commands for Access Points and Bridges encryption mode wep encryption mode wep Use the encryption mode wep configuration interface command to enable a specific encryption type that is used to communicate on the wireless LAN or on a specific VLAN. When encryption is enabled, all client devices on the wireless LAN or on a VLAN must support the specified encryption methods to communicate with the access point.
PAGE 149
Chapter 2 Cisco IOS Commands for Access Points and Bridges exception crashinfo buffersize This example shows how to disable mandatory encryption on VLAN 1: AP(config-if)# no encryption vlan 1 mode wep mandatory Related Commands Command Description show running-config Displays the current access point operating configuration exception crashinfo buffersize To change the size of the buffer used for crashinfo files, use the exception crashinfo buffersize command in global configuration mode.
PAGE 150
Chapter 2 Cisco IOS Commands for Access Points and Bridges exception crashinfo file exception crashinfo file To enable the creation of a diagnostic file at the time of unexpected system shutdowns, use the exception crashinfo file command in global configuration mode. To disable the creation of crashinfo files, use the no form of this command.
PAGE 151
Chapter 2 Cisco IOS Commands for Access Points and Bridges fixed-slot (QOS Class interface configuration mode) fixed-slot (QOS Class interface configuration mode) Use the fixed-slot QOS Class interface configuration mode command to configure the CAC 802.11 fixed backoff slot time for a radio interface. Use the no form of the command to remove the setting. fixed-slot 0-16 no cw-max Note This command is not supported when operating in repeater mode.
PAGE 152
Chapter 2 Cisco IOS Commands for Access Points and Bridges fixed-slot (QOS Class interface configuration mode) Examples This example shows how to configure the CAC 802.11 fixed backoff slot time for the radio interface: AP(config)# interface dot11radio 0 AP(config-if)# dot11 qos class voice AP(config-if-qosclass)# fixed-slot 6 This example shows how to remove the CAC 802.
PAGE 153
Chapter 2 Cisco IOS Commands for Access Points and Bridges fragment-threshold fragment-threshold Use the fragment-threshold configuration interface command to set the size at which packets are fragmented. Use the no form of the command to reset the parameter to defaults. [no] fragment-threshold 256-2346 Syntax Description 256-2346 Defaults The default threshold is 2346 bytes Command Modes Configuration interface Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 154
Chapter 2 Cisco IOS Commands for Access Points and Bridges group (local server configuration mode) group (local server configuration mode) Use the group local server configuration mode command to enter user group configuration mode and configure a user group to which you can assign shared settings. In user group configuration mode you can specify settings for the user group such as VLAN and SSID. group group Note This command is not supported on bridges.
PAGE 155
Chapter 2 Cisco IOS Commands for Access Points and Bridges guard-interval guard-interval Use the guard-interval configuration mode command to configure the The 802.11n guard interval. The guard interval is the period in nanoseconds the radio listens between packets. Two settings are available: short (400ns) and long (800ns). Syntax Description any Allows the radio to use either short or long guard intervals. long Specifies a guard interval of 800ns. Defaults This command has no defaults.
PAGE 156
Chapter 2 Cisco IOS Commands for Access Points and Bridges guest-mode (SSID configuration mode) guest-mode (SSID configuration mode) Use the guest-mode SSID configuration mode command to configure the radio interface (for the specified SSID) to support guest mode. Use the no form of the command to disable the guest mode. [no] guest-mode Syntax Description This command has no arguments or keywords. Defaults This command has no defaults.
PAGE 157
Chapter 2 Cisco IOS Commands for Access Points and Bridges iapp standby mac-address iapp standby mac-address Use the iapp standby mac-address global configuration command to configure an access point to be in standby mode and specify the monitored access point’s MAC address. Use the no form of this command to disable the access point standby mode. [no] iapp standby mac-address mac-address Note This command is not supported on bridges.
PAGE 158
Chapter 2 Cisco IOS Commands for Access Points and Bridges iapp standby poll-frequency iapp standby poll-frequency Use the iapp standby poll-frequency global configuration command to configure the standby mode polling interval. Use the no form of this command to clear the access point standby mode poll frequency. [no] iapp standby poll-frequency sec [mac-address] Note Syntax Description This command is not supported on bridges.
PAGE 159
Chapter 2 Cisco IOS Commands for Access Points and Bridges iapp standby primary-shutdown iapp standby primary-shutdown Use the iapp standby primary-shutdown global configuration command to disable the radio interfaces on the monitored access point when the standby access point becomes active.
PAGE 160
Chapter 2 Cisco IOS Commands for Access Points and Bridges iapp standby timeout iapp standby timeout Use the iapp standby timeout global configuration command to configure the standby mode polling timeout value. Use the no form of this command to clear the standby mode polling timeout value. [no] iapp standby timeout sec Syntax Description sec Defaults When you enable hot standby, the default standby timeout is 20 seconds.
PAGE 161
Chapter 2 Cisco IOS Commands for Access Points and Bridges ids mfp client ids mfp client Use the ids mfp client SSID configuration command to enable and explicitly specify the status of MFP-2. To disable MFP-2 on an access point, use the no form of this command. [no] ids mfp client{[required | optional] } Syntax Description required MFP-2 is mandatory for a client to authenticate to an access point. optional MFP-2 is optional for a client to authenticate to an access point.
PAGE 162
Chapter 2 Cisco IOS Commands for Access Points and Bridges Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges 2-150 0L-24115-01
PAGE 163
Chapter 2 Cisco IOS Commands for Access Points and Bridges information-element ssidl (SSID configuration mode) information-element ssidl (SSID configuration mode) Use the information-element ssidl SSID configuration command to designate an SSID for inclusion in an SSIDL information element (IE) that the access point includes in beacons.
PAGE 164
Chapter 2 Cisco IOS Commands for Access Points and Bridges infrastructure-client infrastructure-client Use the infrastructure-client configuration interface command to configure a virtual interface for a workgroup bridge client. Use the no form of the command to disable the workgroup bridge client virtual interface. [no] infrastructure-client Note Enter this command on an access point or bridge. This command is not supported on devices configured as workgroup bridges.
PAGE 165
Chapter 2 Cisco IOS Commands for Access Points and Bridges infrastructure-ssid (SSID configuration mode) infrastructure-ssid (SSID configuration mode) Use the infrastructure-ssid command in SSID configuration mode to reserve this SSID for infrastructure associations, such as those from one access point or bridge to another. Use the no form of the command to revert to a normal non-infrastructure SSID.
PAGE 166
Chapter 2 Cisco IOS Commands for Access Points and Bridges interface dot11 (LBS configuration mode) interface dot11 (LBS configuration mode) Use the interface dot11 location based services (LBS) configuration mode command to specify the radio interface on which an LBS profile is enabled. An LBS profile remains inactive until you enter this command. [no] interface dot11 {0 | 1} Syntax Description {0 | 1} Defaults LBS profiles are disabled by default. Command History Release Modification 12.
PAGE 167
Chapter 2 Cisco IOS Commands for Access Points and Bridges interface dot11radio interface dot11radio Use the interface dot11radio global configuration command to place access point into the radio configuration mode. interface dot11radio interface-number Syntax Description interface-number Defaults The default radio interface number is 0. Command Modes Global configuration Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 168
Chapter 2 Cisco IOS Commands for Access Points and Bridges ip igmp snooping vlan ip igmp snooping vlan Use the ip igmp snooping vlan global configuration command to enable IGMP snooping on a Catalyst VLAN. [no] ip igmp snooping vlan vlan-id Note If there is no multicast router for processing IGMP query and response from the host, it is mandatory that no ip igmp snooping be configured on the access point. When IGMP snooping is enabled, all multicast group traffic must send IGMP query and response.
PAGE 169
Chapter 2 Cisco IOS Commands for Access Points and Bridges ip redirection ip redirection Use the ip redirection SSID configuration mode command to enable IP redirection for an SSID. When you configure IP redirection for an SSID, the access point redirects packets sent from client devices associated to that SSID to a specific IP address.
PAGE 170
Chapter 2 Cisco IOS Commands for Access Points and Bridges l2-filter bridge-group-acl This example shows how to configure IP redirection only for packets sent to the specific TCP and UDP ports specified in an ACL.
PAGE 171
Chapter 2 Cisco IOS Commands for Access Points and Bridges l2-filter-block-arp Related Commands Command Description bridge-group port-protected Enables protected port for public secure mode configuration show bridge Displays information on the bridge group or classes of entries in the bridge forwarding database show bridge group Displays information about configured bridge groups l2-filter-block-arp Use the l2-filter block-arp command on radio interface to block all ARP requests whose target L3-a
PAGE 172
Chapter 2 Cisco IOS Commands for Access Points and Bridges led display led display Use the led display global configuration command to reduce the brightness or to turn-off the Status LED on the Cisco Aironet 1130AG access point. Use the no form of the command to return the Status LED to full intensity operation. [no] led display {off | dim} Syntax Description off Turns-off the Status LED. dim Reduces the brightness of the Status LED. Defaults This command has no defaults.
PAGE 173
Chapter 2 Cisco IOS Commands for Access Points and Bridges led flash led flash [seconds | disable] Syntax Description seconds Specifies the number of seconds (1 to 3600) that the LEDs blink disable Stops the blinking of the LEDs Defaults The default is continuous blinking of the LEDs. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 174
Chapter 2 Cisco IOS Commands for Access Points and Bridges logging buffered logging buffered Use the logging buffered global configuration command to begin logging of messages to an internal buffer. Use the no form of this command to stop logging messages.
PAGE 175
Chapter 2 Cisco IOS Commands for Access Points and Bridges logging snmp-trap logging snmp-trap Use the logging snmp-trap global configuration command to specify the severity level of syslog messages for which the access point sends SNMP traps. [no] logging snmp-trap severity Syntax Description severity Specifies the severity levels for which the access point sends SNMP traps. You can enter a range of severity levels--0 through 7--or a single severity level.
PAGE 176
Chapter 2 Cisco IOS Commands for Access Points and Bridges match (class-map configuration) match (class-map configuration) Use the match class-map configuration command to define the match criteria to classify traffic. Use the no form of this command to remove the match criteria.
PAGE 177
Chapter 2 Cisco IOS Commands for Access Points and Bridges match (class-map configuration) For the match ip dscp dscp-list or the match ip precedence ip-precedence-list command, you can enter a mnemonic name for a commonly used value. For example, you can enter the match ip dscp af11 command, which is the same as entering the match ip dscp 10 command. You can enter the match ip precedence critical command, which is the same as entering the match ip precedence 5 command.
PAGE 178
Chapter 2 Cisco IOS Commands for Access Points and Bridges max-associations (SSID configuration mode) max-associations (SSID configuration mode) Use the max-associations SSID configuration mode command to configure the maximun number of associations supported by the radio interface (for the specified SSID). Use the no form of the command to reset the parameter to the default value. [no] max-associations value Syntax Description value Defaults This default maximum is 255.
PAGE 179
Chapter 2 Cisco IOS Commands for Access Points and Bridges mbssid mbssid Use the mbssid configuration interface command to enable multiple basic SSIDs on an access point radio interface. [no] mbssid Note This command is supported only on radio interfaces that support multiple BSSIDs. To determine whether a radio supports multiple BSSIDs, enter the show controllers radio_interface command.
PAGE 180
Chapter 2 Cisco IOS Commands for Access Points and Bridges mbssid (SSID configuration mode) mbssid (SSID configuration mode) Use the mbssid SSID configuration mode command to include the SSID name in the beacon and broadcast probe response and to configure the DTIM period for the SSID. [no] mbssid [guest-mode] [dtim-period period] Note Syntax Description This command is supported only on radio interfaces that support multiple basic SSIDs.
PAGE 181
Chapter 2 Cisco IOS Commands for Access Points and Bridges mbssid (SSID configuration mode) Examples This example shows how to include a BSSID in the beacon: AP(config-if-ssid)# mbssid guest-mode This example shows how to configure a DTIM period for a BSSID: AP(config-if-ssid)# mbssid dtim-period 5 This example shows how to include a BSSID in the beacon and to configure a DTIM period: AP(config-if-ssid)# mbssid guest-mode dtim-period 5 Related Commands Command Description dot11 mbssid Enables BSSI
PAGE 182
Chapter 2 Cisco IOS Commands for Access Points and Bridges method (eap profile configuration mode) method (eap profile configuration mode) Use the method EAP profile configuration mode command to enable method types used in an EAP profile. Use the no form of the command to disable the EAP method. [no] method [fast] [gtc] [leap] [md5] [mschapv2] [tls] Syntax Description fast Specifies the EAP-FAST method of authentication. gtc Specifies the EAP-GTC method of authentication.
PAGE 183
Chapter 2 Cisco IOS Commands for Access Points and Bridges method (LBS configuration mode) method (LBS configuration mode) Use the method location based services (LBS) configuration mode command to specify the location method used in an LBS profile. method method Syntax Description method Defaults The default location method is RSSI. Command Modes LBS configuration mode Command History Release Modification 12.3(4)JA This command was introduced.
PAGE 184
Chapter 2 Cisco IOS Commands for Access Points and Bridges mobile station mobile station Use the mobile station configuration interface command to configure a bridge or a workgroup bridge as a mobile device. When you enable this setting on a device in non-root or workgroup bridge mode, the device scans for a new parent association when it encounters a poor Received Signal Strength Indicator (RSSI), excessive radio interference, or a high frame-loss percentage.
PAGE 185
Chapter 2 Cisco IOS Commands for Access Points and Bridges mobile station Release Modification 12.3(4)JA Support added for 1200 series access points in workgroup bridge mode. 12.4(3g)JA & 12.3(8)JEB Added limited scanning and neighbor list manipulation. Support added for 1130, and 1240 access points. 12.4(25d)JA Added minimum-rate manipulation. Support added for access point in workgroup bridge.
PAGE 186
Chapter 2 Cisco IOS Commands for Access Points and Bridges mobility network-id mobility network-id Use the mobility network-id SSID configuration mode command to associate an SSID to a Layer 3 mobility network ID. Use the no form of the command to disassociate the SSID from the mobility network ID. [no] mobility network-id network-id Syntax Description network-id Defaults This command has no defaults. Command Modes SSID configuration interface Command History Release Modification 12.
PAGE 187
Chapter 2 Cisco IOS Commands for Access Points and Bridges multicast address (LBS configuration mode) multicast address (LBS configuration mode) Use the multicast address location based services (LBS) configuration mode command to specify the multicast address that LBS tag devices use when they send LBS packets. multicast address mac-address Syntax Description mac-address Defaults The default multicast address is 01:40:96:00:00:10. Command History Release Modification 12.
PAGE 188
Chapter 2 Cisco IOS Commands for Access Points and Bridges nas (local server configuration mode) nas (local server configuration mode) Use the nas local server configuration mode command to add an access point to the list of devices that use the local authenticator. nas ip-address key shared-key Syntax Description ip-address Specifies the IP address of the NAS access point shared-key Specifies the shared key used to authenticate communication between the local authenticator and other access points.
PAGE 189
Chapter 2 Cisco IOS Commands for Access Points and Bridges packet max-retries packet max-retries Use the packet max-retries configuration interface command to specify the maximum number of attempts per non-best-effort data packet before discarding the packet. Use the no form of the command to reset the parameter to defaults.
PAGE 190
Chapter 2 Cisco IOS Commands for Access Points and Bridges packet max-retries Related Commands Command Description show running-config Displays the current access point operating configuration.
PAGE 191
Chapter 2 Cisco IOS Commands for Access Points and Bridges packet retries packet retries Use the packet retries configuration interface command to specify the maximum number of attempts to send a packet. Use the no form of the command to reset the parameter to defaults. [no] packet retries 1-128 Syntax Description 1-128 Defaults The default number of retries is 32. Command Modes Configuration interface Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 192
Chapter 2 Cisco IOS Commands for Access Points and Bridges packet speed packet speed Use the packet speed configuration interface command to specify downlink data rates and priorities for packets which have been declared discard-eligible in the packet max-retries command. Use the no form of the command to disable specified speeds and priorities and to restore the default data rates. [no] packet speed [rate1....rateN | default] priority 0-7 rate1....
PAGE 193
Chapter 2 Cisco IOS Commands for Access Points and Bridges packet timeout packet timeout Use the packet timeout configuration interface command to specify the packet timeout period for a priority. Queued packets whose age has exceeded the timeout threshold will be discarded if they have been declared discard-eligible in the packet max-retries command. Use the no form of the command to reset the parameter to defaults.
PAGE 194
Chapter 2 Cisco IOS Commands for Access Points and Bridges packet-type (LBS configuration mode) packet-type (LBS configuration mode) Use the packet-type location based services (LBS) configuration mode command to specify the LBS packet type that accepted in an LBS profile. packet-type {extended | short} Syntax Description extended Specifies that the access point accepts extended packets from LBS tag devices. An extended packet contains two bytes of LBS information in the frame body.
PAGE 195
Chapter 2 Cisco IOS Commands for Access Points and Bridges parent parent Use the parent configuration interface command to add a parent to a list of valid parent access points. Use the no form of the command to remove a parent from the list. [no] parent 1-4 mac-address Syntax Description 1-4 Specifies the parent root access point number (1 to 4) mac-address Specifies the MAC address (in xxxx.xxxx.xxxx format) of a parent access point Defaults Repeater access point operation is disabled by default.
PAGE 196
Chapter 2 Cisco IOS Commands for Access Points and Bridges parent timeout parent timeout Use the parent timeout configuration interface command to define the amount of time that a repeater tries to associate with a parent access point. Use the no form of the command to disable the timeout. [no] parent timeout sec Syntax Description sec Defaults Parent timeout is disabled by default. Command Modes Configuration interface Command History Release Modification 12.
PAGE 197
Chapter 2 Cisco IOS Commands for Access Points and Bridges password (dot1x credentials configuration mode) password (dot1x credentials configuration mode) Use the password dot1x credentials configuration mode command to specify dot1x credential user password. Use the no form of the command to disable the password. [no] password [number] password Syntax Description number Specifies the type of password that follows. 0 indicates the password is unencrypted. 7 indicates the password is hidden.
PAGE 198
Chapter 2 Cisco IOS Commands for Access Points and Bridges payload-encapsulation payload-encapsulation Use the payload-encapsulation configuration interface command to specify the Ethernet encapsulation type used to format Ethernet data packets that are not formatted using IEEE 802.3 headers. Data packets that are not IEEE 802.3 packets must be reformatted using IEEE 802.1H or RFC1042. Use the no form of the command to reset the parameter to defaults.
PAGE 199
Chapter 2 Cisco IOS Commands for Access Points and Bridges pki-trustpoint (dot1x credentials configuration mode) pki-trustpoint (dot1x credentials configuration mode) Use the pki-trustpoint dot1x credentials configuration mode command to configure the PKI-Trustpoint for the dot1x credential. Use the no form of the command to disable the PKI-Trustpoint. [no] pki-trustpoint name Syntax Description name Defaults This command has no defaults.
PAGE 200
Chapter 2 Cisco IOS Commands for Access Points and Bridges power client power client Use the power client configuration interface command to configure the maximum power level clients should use for IEEE 802.11b radio transmissions to the access point. The power setting is transmitted to the client device during association with the access point. Use the no form of the command to not specify a power level. 2.4-GHz Radio (802.11b) [no] power client {1 | 5 | 20 | 30 | 50 | 100 | maximum }1 2.
PAGE 201
Chapter 2 Cisco IOS Commands for Access Points and Bridges power client Syntax Description For the 802.11b, 2.4-GHz radio: 1, 5, 20, 30, 50, 100, maximum1 Specifies a specific power level in mW or in dBm. Maximum power is regulated by the regulatory domain for the country of operation and is set during manufacture of the access point and client device. Note For the 802.11g, 2.
PAGE 202
Chapter 2 Cisco IOS Commands for Access Points and Bridges power inline negotiation power inline negotiation Use the power inline negotiation configuration command to configure the Cisco Aironet 1130AG or 1240AG series access point to operate with older switch software that does not support Cisco Intelligent Power Management power negotiations. Use the no form of the command to disable the access point inline power settings.
PAGE 203
Chapter 2 Cisco IOS Commands for Access Points and Bridges power inline negotiation Usage Guidelines To help avoid an over-current condition with low power sources and to optimize power usage on Cisco switches, Cisco developed Intelligent Power Management, which uses Cisco Discovery Protocol (CDP) to allow powered devices (the Cisco Aironet 1130AG and 1240AG series access points) to negotiate with a Cisco switch for sufficient power.
PAGE 204
Chapter 2 Cisco IOS Commands for Access Points and Bridges power local power local Use the power local configuration interface command to configure the access point or bridge radio power level. Use the no form of the command to reset the parameter to defaults. On the 2.4-GHz, 802.11g radio, you can set Orthogonal Frequency Division Multiplexing (OFDM) power levels and Complementary Code Keying (CCK) power levels. CCK modulation is supported by 802.11b and 802.11g devices.
PAGE 205
Chapter 2 Cisco IOS Commands for Access Points and Bridges power local Syntax Description For the 802.11b, 2.4-GHz access point radio: Specifies access point power setting in mW or in dBm. Maximum power is regulated by the regulatory domain 1, 5, 20, 30, 50, 100, or maximum1 for the country of operation and is set during For the 802.11g, 2.4-GHz access point radio: manufacture of the access point and client device.
PAGE 206
Chapter 2 Cisco IOS Commands for Access Points and Bridges preamble-short Examples This example shows how to specify a 20-mW transmit power level for the 802.
PAGE 207
Chapter 2 Cisco IOS Commands for Access Points and Bridges preamble-short Examples This example shows how to set the radio packet to use a short preamble. AP(config-if)# preamble-short This example shows how to set the radio packet to use a long preamble.
PAGE 208
Chapter 2 Cisco IOS Commands for Access Points and Bridges probe-response gratuitous probe-response gratuitous Gratuitous Probe Response (GPR) aids in conserving battery power in dual mode phones that support cellulcar and WLAN modes of operation. GPR is available on 5-GHz radios and is disabled by default. Use the probe-response gratuitous configuration interface command to define amount of time between GPRs and the daterate used to transmit the GPR.
PAGE 209
Chapter 2 Cisco IOS Commands for Access Points and Bridges radius local-server pac-generate radius local-server pac-generate Use the radius local-server pac-generate global configuration command to generate a Protected Access Credential (PAC) for a client device on a local authenticator access point. The local authenticator automatically generates PACs for EAP-FAST clients that request them. However, you might need to generate a PAC manually for some client devices.
PAGE 210
Chapter 2 Cisco IOS Commands for Access Points and Bridges radius-server local radius-server local Use the radius-server local global configuration command to enable the access point as a local or backup authenticator and to enter configuration mode for the local authenticator. radius-server local Note This command is not supported on bridges. Defaults This command has no defaults. Command Modes Global configuration Command History Release Modification 12.2(11)JA This command was introduced.
PAGE 211
Chapter 2 Cisco IOS Commands for Access Points and Bridges rts rts Use the rts configuration interface command to set the Request-To-Send (RTS) threshold and the number of retries. Use the no form of the command to reset the parameter to defaults.
PAGE 212
Chapter 2 Cisco IOS Commands for Access Points and Bridges rts AP(config-if)# rts retries 3 This example shows how to reset the parameter to defaults: AP(config-if)# no rts Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges 2-200 0L-24115-01
PAGE 213
Chapter 2 Cisco IOS Commands for Access Points and Bridges server-address (LBS configuration mode) server-address (LBS configuration mode) Use the server-address LBS configuration mode command to specify the IP address of your location server and the port number on the server to which LBS access points send UDP packets that contain positioning information. server-address ip-address port port-number Syntax Description ip-address Specifies the IP address of the location server on your network.
PAGE 214
Chapter 2 Cisco IOS Commands for Access Points and Bridges short-slot-time short-slot-time Use the short-slot-time configuration interface command to enable short slot time on the 802.11g, 2.4-GHz radio. Short slot time reduces the slot time from 20 microseconds to 9 microseconds, thereby increasing throughput. The access point uses short slot time only when all clients that are associated to the 802.11g radio can support short slot time. short-slot-time Note This command is supported only on 802.
PAGE 215
Chapter 2 Cisco IOS Commands for Access Points and Bridges show boot mode-button show boot mode-button Use the show boot mode-button privileged EXEC command to display the access point mode button status. show boot mode-button Syntax Description This command has no arguments or keywords. Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.3(7)JA This command was introduced.
PAGE 216
Chapter 2 Cisco IOS Commands for Access Points and Bridges show controllers dot11radio show controllers dot11radio Use the show controllers dot11radio privileged EXEC command to display the radio controller status. show controllers dot11radio interface-number Syntax Description interface-number Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced. 12.4(3g)JA & 12.
PAGE 217
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 aaa authentication mac-authen filter-cache show dot11 aaa authentication mac-authen filter-cache Use the show dot11 aaa authentication mac-authen filter-cache privileged EXEC command to display MAC addresses in the MAC authentication cache. show dot11 aaa authentication mac-authen filter-cache [address] Syntax Description address Defaults This command has no defaults.
PAGE 218
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 adjacent-ap show dot11 adjacent-ap Use the show dot11 adjacent-ap privileged EXEC command to display the fast, secure roaming list of access points that are adjacent to this access point. The WDS access point builds the adjacent access point list based on data from client devices that support fast, secure roaming.
PAGE 219
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 adjacent-ap Related Commands Command Description dot11 adjacent-ap age-timeout Specifies the number of hours an inactive entry remains in the adjacent access point list Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges 0L-24115-01 2-207
PAGE 220
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 associations show dot11 associations Use the show dot11 associations privileged EXEC command to display the radio association table, radio association statistics, or to selectively display association information about all repeaters, all clients, a specific client, or basic service clients. show dot11 associations [client | repeater | statistics | H.H.
PAGE 221
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 associations Examples • BLOCK • IAPP_get • AAA_Auth • AAA_ReAuth • Drv_Add_InProg This example shows how to display the radio association table: AP# show dot11 associations This example shows how to display all client devices associated with the access point: AP# show dot11 associations client This example shows how to display access point radio statistics: AP# show dot11 associations statistics Cisco IOS Command Reference
PAGE 222
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 associations Related Commands Command Description clear dot11 client Deauthenticates a client with a specified MAC address clear dot11 statistics Resets the statistics for a specified radio interface or client device dot11 extension aironet Starts a link test between the access point and a client device Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges 2-210 0L-24115-01
PAGE 223
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 bssid show dot11 bssid Use the show dot11 bssid privileged EXEC command to display the relationship between SSIDs and BSSIDs or MAC addresses. show dot11 bssid Syntax Description This command has no arguments or keywords. DefaultsDefaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.3(4)JA This command was introduced.
PAGE 224
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 cac Syntax Description dot11radio number DefaultsDefaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.3(8)JA This command was introduced. Examples Displays admission control statistics for the 802.11 radio interface, where number is 0 for the 802.11a and 802.11g radios or 1 for the 801.11a radio.
PAGE 225
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 cac Command Description traffic-stream Configures CAC traffic data rates and priorities on the access point. debug cac Provides debug information for CAC admission control on the access point.
PAGE 226
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 carrier busy show dot11 carrier busy Use the show dot11 carrier busy privileged EXEC command to display recent carrier busy test results. You can display test results once using this command. After the display, you must use the dot11 carrier busy command to run the carrier busy test again. show dot11 carrier busy Syntax Description This command has no arguments or keywords. DefaultsDefaults This command has no defaults.
PAGE 227
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 directed-roam show dot11 directed-roam Use the show dot11 directed-roam privileged EXEC command to display recent carrier busy test results. You can display test results once using this command. After the display, you must use the dot11 directed-roam command to run the carrier busy test again. show dot11 directed-roam [clients] [aps] Syntax Description clients Displays the canidate client list.
PAGE 228
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 ids eap show dot11 ids eap Use the show dot11 ids eap privileged EXEC command to display wireless IDS statistics. show dot11 ids eap Syntax Description This command has no arguments or keywords. DefaultsDefaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 229
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 ids mfp show dot11 ids mfp Use the show dot11 ids mfp privileged EXEC command to display to Management Frame Protection (MFP) parameters on the access point. show dot11 ids mfp detector [statistics] distributor {detectors |generators | statistics} generator client statistics show dot11 ids mfp io detector Indicates if the MFP detector is configured on the access point.
PAGE 230
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 network-map show dot11 network-map Use the show dot11 network-map privileged EXEC command to display the radio network map. The radio network map contains information from Cisco access points in the same Layer 2 domain as this access point. show dot11network-map Syntax Description This command has no arguments or keywords. DefaultsDefaults This command has no defaults.
PAGE 231
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 statistics client-traffic show dot11 statistics client-traffic Use the show dot 11 statistics client-traffic privileged EXEC command to display the radio client traffic statistics. show dot11 statistics client-traffic Syntax Description This command has no arguments or keywords. Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 232
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 traffic-streams show dot11 traffic-streams Use the show dot11 traffic streams command to display a list of traffic streams admitted by the AP. It lists the access category and TSID of the streams as well as medium time allocated for the traffic stream. show dot11 traffic-streams Syntax Description This command has no arguments or keywords. Defaults This command has no defaults.
PAGE 233
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot11 vlan-name show dot11 vlan-name Use the show dot11 vlan-name privileged EXEC command to display VLAN name and ID pairs configured on the access point. If your access point is not configured with VLAN names or is configured only with VLAN IDs, there is no output for this command.
PAGE 234
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot1x show dot1x Use the show dot1x command to display dot1x information on the access point. show dot1x [all | interface {dot11radio number | fastethernet number} [details | statistics] | statistics Syntax Description all (Optional) Displays all DOT1X information on the access point. interface (Optional) Displays DOT1x information specific to an interface.
PAGE 235
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot1x RxReq = 8 RxInvalid = 0 RxLenErr = 0 RxTotal = 10 TxStart = 1 TxLogoff = 0 TxResp = 7 TxTotal = 8 RxVersion = 1 LastRxSrcMAC = 000f.f77f.
PAGE 236
Chapter 2 Cisco IOS Commands for Access Points and Bridges show dot1x credentials show dot1x credentials Use the show dot1x credentials EXEC mode command to display the dot1x credentials configured on the access point. show dot1x credentials Syntax Description This command has no arguments or keywords. Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.3(8)JA This command was introduced.
PAGE 237
Chapter 2 Cisco IOS Commands for Access Points and Bridges show eap registrations Command Modes Privileged EXEC Command History Release Modification 12.3(8)JA This command was introduced.
PAGE 238
Chapter 2 Cisco IOS Commands for Access Points and Bridges show eap sessions show eap sessions Use the show eap sessions privileged EXEC command to display the EAP sessions on the access point. show eap sessions [credentials ] [interface ] [method ] [transport ] Syntax Description credentials Displays EAP session credentials on the access point. The name option specifies a credential profile name.
PAGE 239
Chapter 2 Cisco IOS Commands for Access Points and Bridges show environment show environment Use the show environment EXEC command to display information about the internal temperature of the bridge radio. show environment Note This command is supported only on bridges. It measures and displays the internal temperature of the unit and should not be confused with the external temperature limits for the device. Syntax Description This command has no arguments or keywords.
PAGE 240
Chapter 2 Cisco IOS Commands for Access Points and Bridges show iapp rogue-ap-list show iapp rogue-ap-list Use the show iapp rogue-ap-list privileged EXEC command to display a list of rogue access points. show iapp rogue-ap-list Note This command is not supported on bridges. Syntax Description This command has no arguments or keywords. Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 241
Chapter 2 Cisco IOS Commands for Access Points and Bridges show iapp standby-parms Examples This example shows how to display the list of IAPP rogue access points: AP# show iapp rogue-ap-list Related Commands Command Description clear iapp rogue-ap-list Clears the rogue access point list show iapp standby-parms Use the show iapp standby-parms privileged EXEC command to display IAPP standby parameters when a standby MAC address is configured.
PAGE 242
Chapter 2 Cisco IOS Commands for Access Points and Bridges show iapp statistics show iapp statistics Use the show iapp statistics privileged EXEC command to display the IAPP transmit and receive statistics. show iapp statistics Syntax Description This command has no arguments or keywords. Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 243
Chapter 2 Cisco IOS Commands for Access Points and Bridges show interfaces dot11radio show interfaces dot11radio Use the show interfaces dot11radio privileged EXEC command to display the radio interface configuration and statistics. show interfaces dot11radio interface-number Syntax Description interface-number Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 244
Chapter 2 Cisco IOS Commands for Access Points and Bridges show interfaces dot11radio aaa show interfaces dot11radio aaa Use the show interfaces dot11radio aaa privileged EXEC command to display the radio interface information. show interfaces dot11radio interface-number aaa [timeout] Syntax Description interface-number Specifies the radio interface number. The 2.4-GHz radio is radio 0. The 5-GHz radio is radio 1. timeout Displays the AAA timeout value. Defaults This command has no defaults.
PAGE 245
Chapter 2 Cisco IOS Commands for Access Points and Bridges show interfaces dot11radio statistics show interfaces dot11radio statistics Use the show interfaces dot11radio statistics privileged EXEC command to display the radio interface statistics. show interfaces dot11radio interface-number statistics Syntax Description interface-number Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 246
Chapter 2 Cisco IOS Commands for Access Points and Bridges show ip igmp snooping groups show ip igmp snooping groups Use the show ip igmp snooping groups privileged EXEC command to display IGMP snooping status information. show ip igmp snooping groups [count] [network-id network id] [vlan vlan id [group address] [count] ] Syntax Description count Displays group count information. network-id network-id Displays group information by wireless Network ID.
PAGE 247
Chapter 2 Cisco IOS Commands for Access Points and Bridges show led flash show led flash Use the show led flash privileged EXEC command to display the LED flashing status. show led flash Syntax Description This command has no arguments or keywords. Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.2(4)JA This command was introduced.
PAGE 248
Chapter 2 Cisco IOS Commands for Access Points and Bridges show power-injector show power-injector Use the show power-injector privileged EXEC command to view link statistics and the current operating mode for the two physical Ethernet ports (port 0 and port 1) of a Cisco Aironet power-injector. show power-injector Syntax Description This command has no arguments or keywords. Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.
PAGE 249
Chapter 2 Cisco IOS Commands for Access Points and Bridges show power-injector show power-injector =========== Power Injector Statistics =============== Power Injector port 0 speed 100Mb/s duplex full link up enable yes tx bytes 194053 tx drops 0 tx bcasts 191 tx mcasts 1200 tx unicasts 0 tx collisions 0 tx single collisions 0 tx multiples collisions 0 tx deferred 0 tx late collisions 0 tx excessive collisions 0 tx frame disc 0 tx pauses 0 rx bytes 14356 rx undersizes 0 rx pauses 0 rx (<=64 bytes) pkts 10
PAGE 250
Chapter 2 Cisco IOS Commands for Access Points and Bridges show radius local-server statistics show radius local-server statistics Use the show radius local-server statistics privileged EXEC command to view statistics collected by the local authenticator. show radius local-server statistics Syntax Description This command has no arguments or keywords. Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.
PAGE 251
Chapter 2 Cisco IOS Commands for Access Points and Bridges show running-config ssid • Invalid PAC received—the number of PACs received that were expired, that the authenticator could not decrypt, or that were assigned to a client username not in the authenticator’s database The third section lists stats for individual users. If a user is blocked and the lockout time is set to infinite, blocked appears at the end of the stat line for that user.
PAGE 252
Chapter 2 Cisco IOS Commands for Access Points and Bridges show spanning-tree show spanning-tree Use the show spanning-tree privileged EXEC command to display information about the spanning tree topology.
PAGE 253
Chapter 2 Cisco IOS Commands for Access Points and Bridges show wlccp show wlccp Use the show wlccp privileged EXEC command to display information on devices participating in Cisco Centralized Key Management (CCKM). Use the show wlccp privileged EXEC command to display information on devices participating in Cisco Centralized Key Management (CCKM).
PAGE 254
Chapter 2 Cisco IOS Commands for Access Points and Bridges show wlccp wnm status (Optional) This command displays the IP address of the wireless network manager (WNM) and the status of the authentication between the WNM and the WDS access point. Possible statuses include not authenticated, auth in progress, authentication fail, authenticated, and security keys setup.
PAGE 255
Chapter 2 Cisco IOS Commands for Access Points and Bridges show wlccp Related Commands Command Description clear wlccp wds Resets WDS statistics and removes devices from the WDS database show dot11 aaa authentication mac-authen filter-cache Displays MAC addresses in the MAC authentication cache wlccp wds priority Configures an access point as a candidate to provide wireless domain services (WDS) Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges 0L-24115-01 2-243
PAGE 256
Chapter 2 Cisco IOS Commands for Access Points and Bridges show wlccp ap mn show wlccp ap mn Use the show wlccp ap mn privileged EXEC command to display information on a mobile node. show wlccp ap [mn mac address] Note This command is not supported on bridges. Syntax Description mac address Defaults This command has no defaults. Command Modes Privileged EXEC Command History Release Modification 12.3(8)JA This command was introduced. Examples Specifies the MAC address of the mobile node.
PAGE 257
Chapter 2 Cisco IOS Commands for Access Points and Bridges show wlccp ap rm enhanced-neighbor-list show wlccp ap rm enhanced-neighbor-list Use the show wlccp ap enhanced-neighbor-list privileged EXEC command to display the enhanced neighbor list. The enhanced neighbor list feature is enabled on specific access points from the Cisco WLSE. show wlccp ap rm enhanced-neighbor list Note This command is not supported on bridges. Syntax Description This command has no arguments or keywords.
PAGE 258
Chapter 2 Cisco IOS Commands for Access Points and Bridges snmp-server enable traps snmp-server enable traps To enable all Simple Network Management Protocol (SNMP) notification types that are available on your system, use the snmp-server enable traps command in global configuration mode. To disable all available SNMP notifications, use the no form of this command.
PAGE 259
Chapter 2 Cisco IOS Commands for Access Points and Bridges snmp-server enable traps Usage Guidelines For additional notification types, see the Related Commands table for this command. SNMP notifications can be sent as traps or inform requests. This command enables both traps and inform requests for the specified notification types. To specify whether the notifications should be sent as traps or informs, use the snmp-server host [traps | informs] command.
PAGE 260
Chapter 2 Cisco IOS Commands for Access Points and Bridges snmp-server enable traps envmon temperature snmp-server enable traps envmon temperature Use the snmp-server enable traps envmon temperature global configuration command to enable an SNMP trap for monitoring bridge radio temperature. This trap is sent out when the bridge radio temperature approaches the limits of its operating range (55° C to –33° C; 131° F to –27.4° F).
PAGE 261
Chapter 2 Cisco IOS Commands for Access Points and Bridges snmp-server group snmp-server group To configure a new SNMP group, or a table that maps SNMP users to SNMP views, use the snmp-server group global configuration command. To remove a specified SNMP group, use the no form of this command.
PAGE 262
Chapter 2 Cisco IOS Commands for Access Points and Bridges snmp-server group Command Modes Global configuration Command History Release Modification 12.3(4)JA This command was introduced. Usage Guidelines When a community string is configured internally, two groups with the name public are autogenerated, one for the v1 security model and the other for the v2c security model. Similarly, deleting a community string will delete a v1 group with the name public and a v2c group with the name public.
PAGE 263
Chapter 2 Cisco IOS Commands for Access Points and Bridges snmp-server location If you have the localized MD5 or SHA digest, you can specify that string instead of the plain-text password. The digest should be formatted as aa:bb:cc:dd where aa, bb, and cc are hex values. Also, the digest should be exactly 16 octets long.
PAGE 264
Chapter 2 Cisco IOS Commands for Access Points and Bridges snmp-server user Related Commands Command Description dot11 location isocc Specifies ISO and ITU country and area codes that the access point includes in accounting and authentication requests snmp-server user To configure a new user to an SNMP group, use the snmp-server user global configuration command. To remove a user from an SNMP group, use the no form of the command.
PAGE 265
Chapter 2 Cisco IOS Commands for Access Points and Bridges snmp-server user Defaults Table 2-14 describes default values for the encrypted option, passwords and access lists: Table 2-14 Default Values for snmp-server user Options Setting Description encrypted Not present by default. Specifies that the auth and priv passwords are MD5 digests and not text passwords. passwords Assumed to be text strings. access lists Access from all IP access lists is permitted by default.
PAGE 266
Chapter 2 Cisco IOS Commands for Access Points and Bridges snmp-server view snmp-server view To create or update a view entry, use the snmp-server view global configuration command. To remove the specified SNMP server view entry, use the no form of the command. [no] snmp-server view view-name oid-tree {included | excluded} Syntax Description view-name Label for the view record that you are updating or creating. The name is used to reference the record. oid-tree Object identifier of the ASN.
PAGE 267
Chapter 2 Cisco IOS Commands for Access Points and Bridges speed (Ethernet interface) The following example creates a view that includes all objects in the MIB-II system group except for sysServices (System 7) and all objects for interface 1 in the MIB-II interfaces group: snmp-server view agon system included snmp-server view agon system.7 excluded snmp-server view agon ifEntry.*.
PAGE 268
Chapter 2 Cisco IOS Commands for Access Points and Bridges speed (radio interface) Usage Guidelines Cisco recommends that you use auto, the default setting, for both the speed and duplex settings on the Ethernet port. When the access point or bridge receives inline power from a switch, any change in the speed or duplex settings that resets the Ethernet link reboots the unit.
PAGE 269
Chapter 2 Cisco IOS Commands for Access Points and Bridges speed (radio interface) Syntax Description For the 802.11b, 2.4-GHz radio: [1.0] [2.0] [5.5] [11.0] For the 802.11g, 2.4-GHz radio: (Optional) Sets the access point to allow packets to use the non-basic settings. The access point transmits only unicast packets at these rates; multicast packets are sent at one of the data rates set to a basic setting. Note At least one of the access point’s data rates must be set to a basic setting. [1.0] [2.
PAGE 270
Chapter 2 Cisco IOS Commands for Access Points and Bridges speed (radio interface) For the 5-GHz 802.11n radio: On the 802.11n 5-GHz radio, the default option sets rates to 6.0, 12.0, and 24.0 to enabled. {[12.0] [18.0] [24.0] [36.0] [48.0] [54.0] [6.0] [9.0] [basic-12.0] [basic-18.0] [basic-24.0] [basic-36.0] [basic-48.0] [basic-54.0] [basic-6.0] [basic-9.0] [default] [m0-7] [m0.] [m1.] [m10.] [m11.] [m12.] [m13.] [m14.] [m15.] [m2.] [m3.] [m4.] [m5.] [m6.] [m7.] [m8-15] [m8.] [m9.
PAGE 271
Chapter 2 Cisco IOS Commands for Access Points and Bridges speed (radio interface) Command History Examples Release Modification 12.2(4)JA This command was introduced. 12.2(8)JA Parameters were added to support the 5-GHz access point radio. 12.2(11)JA Parameters were added to support the 5.8-GHz bridge radio. 12.2(13)JA Parameters were added to support the 802.11g, 2.4-GHz access point radio. 12.3(2)JA The ofdm parameter was added to the throughput option for the 802.11g, 2.
PAGE 272
Chapter 2 Cisco IOS Commands for Access Points and Bridges speed ofdm speed ofdm Use the speed ofdm configuration interface command to adjust the way that the access point advertises supported OFDM data rates in beacons and probe responses. Use the no form of the command to return to the default setting. [no] speed ofdm {join | separate} Syntax Description join Specifies that supported OFDM data rates appear in both information element (IE) 1 and IE 50. This is the default setting.
PAGE 273
Chapter 2 Cisco IOS Commands for Access Points and Bridges ssid ssid Use the ssid interface configuration command to assign a globally configured SSID to a radio interface. Use the no form of the command to remove an SSID from a radio interface. [no] ssid ssid-string In Cisco IOS Release 12.3(4)JA, you can configure SSIDs globally or for a specific radio interface, but all SSIDs are stored globally.
PAGE 274
Chapter 2 Cisco IOS Commands for Access Points and Bridges ssid Related Commands Command Description authentication open (SSID configuration mode) Configures the radio interface (for the specified SSID) to support open authentication authentication shared (SSID configuration Configures the radio interface (for the specified SSID) to support shared authentication mode) authentication network-eap (SSID configuration mode) Configures the radio interface (for the specified SSID) to support network-EAP
PAGE 275
Chapter 2 Cisco IOS Commands for Access Points and Bridges station-role station-role Use the station-role configuration interface command to set the role of the radio interface. Use the no form of the command to reset the parameter to the default value.
PAGE 276
Chapter 2 Cisco IOS Commands for Access Points and Bridges station-role repeater Specifies that the access point is configured for repeater operation. Repeater operation indicates the access point is not connected to a wired LAN and must associate to a root access point that is connected to the wired LAN. Note root access-point Specifies that the access point and bridge is configured for root mode operation and connected to a wired LAN.
PAGE 277
Chapter 2 Cisco IOS Commands for Access Points and Bridges station-role fallback shutdown Specifies that the access point should shutdown when the primary Ethernet interface is not functional. Note fallback repeater Specifies that the access point should operate in repeater mode when the primary Ethernet interface is not functional. Note install This option is supported only on 1100, 1130AG, 1200, 1240AG, and 1310 series access points and bridges in access point mode.
PAGE 278
Chapter 2 Cisco IOS Commands for Access Points and Bridges station-role Examples This example shows how to configure an access point for root operation and shutdown when Ethernet is not functional: AP(config-if)# station-role root fallback shutdown This example shows how to configure an access point for repeater operation: AP(config-if)# station-role repeater This example shows how to reset an access point or bridge to default operation: AP(config-if)# no station-role This example shows how to set a
PAGE 279
Chapter 2 Cisco IOS Commands for Access Points and Bridges station-role install station-role install Use the station-role install configuration interface command to configure the bridge for installation mode. In installation mode, the bridge flashes the LEDs to indicate received signal strength. station-role install [ automatic | non-root | root ] Note Syntax Description This command is supported only on 1310 and 1400 series bridges.
PAGE 280
Chapter 2 Cisco IOS Commands for Access Points and Bridges transmit-op (QOS Class interface configuration mode) transmit-op (QOS Class interface configuration mode) Use the transmit-op QOS Class interface configuration mode command to configure the CAC transmit opportunity time for a radio interface. Use the no form of the command to remove the setting. transmit-op 0-65535 no transmit-op Note This command is not supported when operating in repeater mode.
PAGE 281
Chapter 2 Cisco IOS Commands for Access Points and Bridges traffic-class Examples This example shows how to configure the CAC transmit opportunity time for the radio interface: AP(config)# interface dot11radio 0 AP(config-if)# dot11 qos class voice AP(config-if-qosclass)# transmit-op 100 This example shows how to remove the CAC transmit opportunity time for the radio interface: AP(config-if-qosclass)# no transmit-op Related Commands Command Description admission-control (QOS Class interface configur
PAGE 282
Chapter 2 Cisco IOS Commands for Access Points and Bridges traffic-class Table 2-17 Default QoS Radio Traffic Class Definitions for Access Points Class of Service Min Contention Window Max Contention Window Fixed Slot Time Transmit Opportunity Background 5 10 7 0 Best Effort 5 10 3 0 Video <100ms Latency 4 5 2 30081 Voice <100ms Latency 2 4 2 15042 1. 6016—On access points with IEEE 802.11b radios 2. 3264—On access points with IEEE 802.
PAGE 283
Chapter 2 Cisco IOS Commands for Access Points and Bridges traffic-stream Table 2-19 Examples CW-min and CW-max Settings for Point-to-Point and Point-to-Multipoint Bridge Links Setting Point-to-Multipoint Links with up to 5 Point-to-Point Links Non-Root Bridges Point-to-Multipoint Links with up to 10 Non-Root Bridges Point-to-Multipoint Links with up to 17 Non-Root Bridges CW-min 3 4 5 6 CW-max 10 10 10 10 This example shows how to configure the best-effort traffic class for contention wi
PAGE 284
Chapter 2 Cisco IOS Commands for Access Points and Bridges username (dot1x credentials configuration mode) Defaults This command has no defaults. Command Modes Configuration interface Command History Release Modification 12.3(8)JA This command was introduced. Examples This example shows how to configure CAC traffic-stream support for a nominal 24 Mbps rate for priority 7 on the 802.11a radio interface: AP(config)# interface dot11radio 1 AP(config-if)# traffic-stream priority 7 sta-rates nom-24.
PAGE 285
Chapter 2 Cisco IOS Commands for Access Points and Bridges username (dot1x credentials configuration mode) Command History Examples Release Modification 12.3(8)JA This command was introduced.
PAGE 286
Chapter 2 Cisco IOS Commands for Access Points and Bridges user (local server configuration mode) user (local server configuration mode) Use the user local server configuration command to specify the users allowed to authenticate using the local authenticator. As a local authenticator, the access point performs LEAP, EAP-FAST, and MAC-based authentication for up to 50 client devices. The access point performs up to 5 authentications per second.
PAGE 287
Chapter 2 Cisco IOS Commands for Access Points and Bridges vlan (SSID configuration mode) This example shows how to add a user to the list of clients allowed to authenticate using MAC-based authentication on the local authenticator: AP(config-radsrv)# user 00074218d01b password 00074218d01b group cashiers Related Commands Command Description group (local server configuration mode) Creates a user group on the local authenticator and enters user group configuration mode nas (local server configuration
PAGE 288
Chapter 2 Cisco IOS Commands for Access Points and Bridges wlccp ap eap profile Related Commands Command Description ssid Specifies the SSID and enters the SSID configuration mode wlccp ap eap profile Use the wlccp ap eap profile global configuration command to enable an EAP profile for WLSM. Use the no form of this command to disable the EAP profile. wlccp ap eap profile profile name no wlccp ap eap profile Syntax Description profile name Defaults This command has no default setting.
PAGE 289
Chapter 2 Cisco IOS Commands for Access Points and Bridges wlccp ap username wlccp ap username Use the wlccp ap username global configuration command to configure an access point to authenticate through the device configured for wireless domain services (WDS) and participate in Cisco Centralized Key Management (CCKM). Use the no form of the command to disable the username.
PAGE 290
Chapter 2 Cisco IOS Commands for Access Points and Bridges wlccp authentication-server wlccp authentication-server Use the wlccp authentication-server global configuration command to configure the list of servers to be used for 802.1x authentication for infrastructure devices and client devices enabled for Cisco Centralized Key Management (CCKM).
PAGE 291
Chapter 2 Cisco IOS Commands for Access Points and Bridges wlccp wds aaa authentication mac-authen filter-cache Examples This example shows how to configure the server list for LEAP authentication for client devices: AP(config)# wlccp authentication-server client leap leap-list1 This example shows how to configure the server list for 802.
PAGE 292
Chapter 2 Cisco IOS Commands for Access Points and Bridges wlccp wds mode wds-only Related Commands Command Description clear dot11 aaa authentication mac-authen filter-cache Clear MAC addresses from the MAC authentication cache. dot11 aaa authentication mac-authen filter-cache Enable MAC authentication caching on the access point. show dot11 aaa authentication mac-authen filter-cache Display MAC addresses in the MAC authentication cache.
PAGE 293
Chapter 2 Cisco IOS Commands for Access Points and Bridges wlccp wds priority Related Commands Command Description show wlccp Display information on devices participating in Cisco Centralized Key Management (CCKM) and WDS, including addresses in the MAC authentication cache. wlccp wds priority Use the wlccp wds priority global configuration command to configure an access point to provide Wireless Domain Services (WDS).
PAGE 294
Chapter 2 Cisco IOS Commands for Access Points and Bridges wlccp wnm ip address Examples This example shows how to configure the priority for an access point as a candidate to provide WDS: AP(config)# wlccp wds priority 200 interface bvi 1 Related Commands Command Description wlccp ap username Configures an access point to participate in CCKM wlccp authentication-server Specifies server lists for 802.
PAGE 295
Chapter 2 Cisco IOS Commands for Access Points and Bridges workgroup-bridge client-vlan workgroup-bridge client-vlan Use the workgroup-bridge client-vlan global configuration command to assign a VLAN to the devices attached to a workgroup bridge. This command enables VLAN trunking on the workgroup bridge’s radio and Ethernet interfaces. workgroup-bridge client-vlan vlan-id Note This command is supported only on 1100 and 1200 series access points and 1300 series access points/bridges.
PAGE 296
Chapter 2 Cisco IOS Commands for Access Points and Bridges workgroup-bridge timeouts assoc-response workgroup-bridge timeouts assoc-response Use the workgroup-bridge timeouts assoc-response global configuration command to fine tune the association response timeout for WGB. This CLI command is applicable to an AP working in WGB mode. workgroup-bridge timeouts assoc-response ms Note This command is supported only on APs that support a station role of “WGB.
PAGE 297
Chapter 2 Cisco IOS Commands for Access Points and Bridges workgroup-bridge timeouts auth-response workgroup-bridge timeouts auth-response Use the workgroup-bridge timeouts auth-response global configuration command to fine tune the authentication response timeout for WGB. This CLI command is applicable to an AP working in WGB mode. workgroup-bridge timeouts auth-response ms Note This command is supported only on APs that support a station role of “WGB.
PAGE 298
Chapter 2 Cisco IOS Commands for Access Points and Bridges workgroup-bridge timeouts client-add workgroup-bridge timeouts client-add Use the workgroup-bridge timeouts client-add global configuration command to fine tune the client add timeout for WGB. This CLI command is applicable to an AP working in WGB mode. workgroup-bridge timeouts client-add ms Note This command is supported only on APs that support a station role of “WGB.
PAGE 299
Chapter 2 Cisco IOS Commands for Access Points and Bridges workgroup-bridge timeouts eap-timeout workgroup-bridge timeouts eap-timeout Use the workgroup-bridge timeouts eap-timeout global configuration command to fine tune the EAP timeout for WGB. This CLI command is applicable to an AP working in WGB mode. workgroup-bridge timeouts eap-timeout sec Note This command is supported only on APs that support a station role of “WGB.” Syntax Description sec Defaults The default eap-timeout is 0 seconds.
PAGE 300
Chapter 2 Cisco IOS Commands for Access Points and Bridges workgroup-bridge timeouts iapp-refresh workgroup-bridge timeouts iapp-refresh Use the workgroup-bridge timeouts iapp-refresh global configuration command to fine tune the IAPP refresh timeout. This CLI command is applicable to an AP working in WGB mode only. workgroup-bridge timeouts iapp-refresh ms Note This command is supported only on APs that support a station role of “WGB.
PAGE 301
Chapter 2 Cisco IOS Commands for Access Points and Bridges workgroup-bridge unified-vlan-client workgroup-bridge unified-vlan-client Use the workgroup-bridge unified-vlan-client global configuration command to enable the Workgroup Bridge (WGB) VLAN tagging feature. [no] workgroup-bridge unified-vlan-client [broadcast-replicate] Note Syntax Description This command is supported only on APs that support a station role of “WGB.” no Enables/disables the The Workgroup-Bridge (WGB) VLAN tagging feature.
PAGE 302
Chapter 2 Cisco IOS Commands for Access Points and Bridges world-mode world-mode Use the world-mode configuration interface mode command to enable access point world mode operation. You can configure the access point to support 802.11d world mode or Cisco legacy world mode. Use the no form of the command to disable world mode operation. [no] world-mode dot11d country_code code {both | indoor | outdoor} | legacy Syntax Description dot11d country_code code {both | indoor | outdoor} legacy Enables 802.
PAGE 303
Chapter 2 Cisco IOS Commands for Access Points and Bridges wpa-psk Related Commands Command Description show running-config Displays the current access point operating configuration wpa-psk Use the wpa-psk SSID interface configuration command to configure a pre-shared key for use in WPA authenticated key management. To support WPA on a wireless LAN where 802.1x-based authentication is not available, you must configure a pre-shared key for the SSID.
PAGE 304
Chapter 2 Cisco IOS Commands for Access Points and Bridges write memory write memory Use the write memory command to copy the running configuration into flash memory (NVRAM). write memory Syntax Description This command has no arguments or keywords. Defaults This command has no defaults. Command Modes Privileged EXEC command. Command History Release Modification 12.2(4)T This command was introduced.
PAGE 305
Chapter 2 Cisco IOS Commands for Access Points and Bridges write terminal write terminal Use the write terminal command to write the running configuration to the terminal screen. write terminal Syntax Description This command has no arguments or keywords. Defaults This command has no defaults. Command Modes Privileged EXEC command. Command History Release Modification 12.2(4)T This command was introduced. Usage Guidelines None.
PAGE 306
Chapter 2 Cisco IOS Commands for Access Points and Bridges write terminal --More-bridge irb --More-! --More-! --More-interface Dot11Radio0 --More-no ip address --More-no ip route-cache --More-shutdown --More-station-role root --More-bridge-group 1 --More-bridge-group 1 subscriber-loop-control --More-bridge-group 1 block-unknown-source --More-no bridge-group 1 source-learning --More-no bridge-group 1 unicast-flooding --More-bridge-group 1 spanning-disabled --More-! --More-interface Dot11Radio1 --More-no i
PAGE 307
Chapter 2 Cisco IOS Commands for Access Points and Bridges write terminal Related Commands Command Description write memory Writes the running configuration into flash memory (NVRAM) of an access point. copy system:/running-config url Writes the running configuration onto a server on the network. Previously, the write network command. Note See the Cisco IOS mainline documentation for more details on this command.
PAGE 308
Chapter 2 Cisco IOS Commands for Access Points and Bridges write terminal Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges 2-296 0L-24115-01
PAGE 309
A P P E N D I X A List of Supported Cisco IOS Commands This appendix lists the Cisco IOS commands that access points and bridges support. Cisco IOS commands that are not in this list have not been tested on access points and bridges and might not be supported. Commands related to wireless LANs are described in Chapter 2, “Cisco IOS Commands for Access Points and Bridges” and appear in blue in this list. You can click those commands to browse to a description of the command.
PAGE 310
Appendix A List of Supported Cisco IOS Commands B admission-control (QOS Class interface configuration mode) Note This command is not supported on repeaters. admit-traffic (SSID configuration mode) Note This command is not supported on repeaters. admit-traffic (QOS Class interface configuration mode) Note This command is not supported on repeaters.
PAGE 311
Appendix A List of Supported Cisco IOS Commands C bridge hello-time bridge max-age bridge priority bridge protocol ieee bridge-group block-unknown-source bridge-group input-address-list bridge-group input-pattern-list bridge-group input-type-list bridge-group output-address-list bridge-group output-pattern-list bridge-group output-type-list bridge-group path-cost bridge-group port-protected bridge-group priority bridge-group spanning-disabled bridge-group subscriber-loop-control bridge-group source-learni
PAGE 312
Appendix A List of Supported Cisco IOS Commands D clear dot11 cckm-statistics clear dot11 client clear dot11 hold-list clear dot11 statistics clear dot11 ids mfp client statistics clear eap sessions clear iapp rogue-ap-list clear iapp statistics clear ip igmp snooping membership clear logging clear vlan clear wlccp wds clear wlccp wds recovery statistics clock timezone clock summer-time concatenation configure terminal copy countermeasure tkip hold-time crypto pki authenticate crypto pki enroll crypto pk
PAGE 313
Appendix A List of Supported Cisco IOS Commands D debug dot11 cac Note This command is not supported on repeaters.
PAGE 314
Appendix A List of Supported Cisco IOS Commands D dot11 association mac-list dot11 auto-immune dot11 carrier busy dot11 extension aironet dot11 extension power native dot11 holdoff-time dot11 ids eap attempts dot11 ids mfp dot11 igmp snooping-helper dot11 lbs dot11 linktest dot11 location isocc dot11 mbssid dot11 meter dot11 network-map dot11 phone dot11 priority-map avvid dot11 qos class dot11 ssid dot11 update-group-key dot11 vlan-name dot11 wpa handshake init-delay dot11 wpa handshake timeout dot1x cr
PAGE 315
Appendix A List of Supported Cisco IOS Commands E E eap profile eapfast authority eapfast pac expiry eapfast server-key enable encapsulation dot1q encryption encryption key encryption mode ciphers encryption mode wep end erase exception core-file exception crashinfo buffersize exception crashinfo file exception dump exception flash exception memory exec-timeout exit F fair-queue fixed-slot (QOS Class interface configuration mode) format fragment-threshold full-duplex G group (local server configuration
PAGE 316
Appendix A List of Supported Cisco IOS Commands H H half-duplex help hold-queue holdoff-time hostname I iapp standby mac-address iapp standby poll-frequency iapp standby primary-shutdown iapp standby timeout ids mfp client information-element ssidl (SSID configuration mode) infrastructure-client infrastructure-ssid (SSID configuration mode) interface interface dot11 (LBS configuration mode) interface dot11radio interface fastethernet Caution Access points and bridges do not support the interface loopb
PAGE 317
Appendix A List of Supported Cisco IOS Commands L ip http server ip igmp snooping vlan ip name-server ip redirection ip telnet L l2-filter bridge-group-acl l2-filter-block-arp led display led flash length Note The length command is supported only on access points that have a console port.
PAGE 318
Appendix A List of Supported Cisco IOS Commands N mbssid (SSID configuration mode) method (eap profile configuration mode) method (LBS configuration mode) mobile station mobility network-id monitor Note The monitor command is supported only on access points that have a console port.
PAGE 319
Appendix A List of Supported Cisco IOS Commands R privilege Note The privilege command is supported only on access points that have a console port.
PAGE 320
Appendix A List of Supported Cisco IOS Commands S show cdp entry show cdp interface show cdp neighbors show cdp traffic show clock show controllers dot11radio show controllers fastethernet show debugging show dhcp server show dot11 aaa authentication mac-authen filter-cache show dot11 adjacent-ap show dot11 associations show dot11 bssid show dot11 cac Note This command is not supported on repeaters.
PAGE 321
Appendix A List of Supported Cisco IOS Commands S show iapp statistics show interfaces dot11radio show interfaces dot11radio aaa show interfaces dot11radio statistics show interfaces fastethernet show ip access-list Note The show ip local command is not supported on access points and bridges.
PAGE 322
Appendix A List of Supported Cisco IOS Commands S show vlan show wlccp show wlccp ap mn show wlccp ap rm enhanced-neighbor-list shutdown snmp ifindex snmp-server snmp-server chassis-id snmp-server community snmp-server contact snmp-server enable traps snmp-server enable traps envmon temperature snmp-server group snmp-server host snmp-server location snmp-server system-shutdown snmp-server user snmp-server view snmp trap link-status speed (Ethernet interface) speed (radio interface) speed (serial line int
PAGE 323
Appendix A List of Supported Cisco IOS Commands T T terminal-type Note The terminal-type command is supported only on access points that have a console port. test fastethernet test led timeout (serial line interface) Note The timeout (serial line interface) command is supported only on access points that have a console port. traffic-class traffic-stream Note This command is not supported on repeaters.
PAGE 324
Appendix A List of Supported Cisco IOS Commands W wlccp wds priority wlccp wnm ip address workgroup-bridge client-vlan workgroup-bridge timeouts assoc-response workgroup-bridge timeouts auth-response workgroup-bridge timeouts client-add workgroup-bridge timeouts eap-timeout workgroup-bridge timeouts iapp-refresh workgroup-bridge unified-vlan-client world-mode wpa-psk write memory write terminal Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges A-16 0L-24115-01
PAGE 325
GLOSSARY 802.3af The IEEE standard that describes a mechanism for Power over Ethernet (PoE). The standard provides the capability to deliver both power and data over standard Ethernet cabling. 802.11 The IEEE standard that specifies carrier sense media access control and physical layer specifications for 1- and 2-megabit-per-second (Mbps) wireless LANs operating in the 2.4-GHz band. 802.
PAGE 326
Glossary ampdu Aggregate MAC protocol unit. An A-MPDU is a structure containing multiple MPDUs transported as a single PSDU by the PHY. associated A station is configured properly to allow it to wirelessly communicate with an Access Point. B beacon A wireless LAN packet that signals the availability and presence of the wireless device. BID Bridge identifier used in spanning tree calculations. The BID contains the bridge MAC address and its spanning tree priority value.
PAGE 327
Glossary client A radio device that uses the services of an Access Point to communicate wirelessly with other devices on a local area network. CSMA Carrier sense multiple access. A wireless LAN media access method specified by the IEEE 802.11 specification. D data rates The range of data transmission rates supported by a device. Data rates are measured in megabits per second (Mbps). dBi A ratio of decibels to an isotropic antenna that is commonly used to measure antenna gain.
PAGE 328
Glossary F file server A repository for files so that a local area network can share files, mail, and programs. firmware Software that is programmed on a memory chip. G gateway A device that connects two otherwise incompatible networks together. GHz Gigahertz. One billion cycles per second. A unit of measure for frequency. I IEEE Institute of Electrical and Electronic Engineers.
PAGE 329
Glossary O omni-directional This typically refers to a primarily circular antenna radiation pattern. Orthogonal Frequency Division Multiplex (OFDM) A modulation technique used by IEEE 802.11a-compliant wireless LANs for transmission at 6, 9, 12, 18, 24, 36, 48, and 54 Mbps. P packet A basic message unit for communication across a network. A packet usually includes routing information, data, and sometimes error detection information.
PAGE 330
Glossary S Spread Spectrum A radio transmission technology that spreads the user information over a much wider bandwidth than otherwise required in order to gain benefits such as improved interference tolerance and unlicensed operation. SSID Service Set Identifier (also referred to as Radio Network Name). A unique identifier used to identify a radio network and which stations must use to be able to communicate with each other or to an access point.
PAGE 331
Glossary WLSE Wireless LAN Solutions Engine. The WLSE is a specialized appliance for managing Cisco Aironet wireless LAN infrastructures. It centrally identifies and configures access points in customer-defined groups and reports on throughput and client associations. WLSE's centralized management capabilities are further enhanced with an integrated template-based configuration tool for added configuration ease and improved productivity. workstation A computing device with an installed client adapter.
PAGE 332
Glossary Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges GL-8 0L-24115-01
PAGE 333
INDEX bridge-group subscriber-loop-control command A bridge-group unicast-flooding command aaa authentication login default local cache command aaa pod server command accounting command 2-6 bridge priority command 2-11 2-32 2-33 broadcast-key command 2-42 2-13 antenna receive command C 2-14 iii-v cache authentication profile authentication client command authentication command 2-34 2-12 anonymous-id command audience 2-9 2-41 2-31 bridge protocol ieee command admission-control command
PAGE 334
Index clear wlccp wds recovery statistics command dot11 adjacent-ap command 2-64 command modes defined 1-1 dot11 antenna-alignment concatenation command 2-65 dot11 association mac-list conventions 2-96 2-98 dot11 extension aironet command command dot11 ids eap attempts command iii-vi dot11 ids mfp command iii-vi countermeasure tkip hold-time command country codes 2-100 dot11 extension power native command iii-vi publication text 2-95 2-103 2-104 dot11 igmp snooping-helper command
PAGE 335
Index fragment-threshold command frequencies 2-139 M 2-48 manual audience G organization of global configuration mode group command iii-v purpose of 1-2, 1-3 iii-v iii-v match (class-map configuration) command 2-140 guard-interval command guest-mode command match command 2-141 2-162 max-associations command 2-142 2-164 mbssid (SSID configuration mode) command mbssid command H mcs command holdoff-time command MCS rates 2-102 2-254 2-257 2-168, 2-169 mobile station command 2-17
PAGE 336
Index privileged EXEC mode publications, related show environment command 1-2 2-225 show iapp rogue-ap-list command iii-vi 2-226 show iapp standby-parms command Q 2-228 show int dot11radio command 2-230 show interfaces dot11radio command QoS class map creating show iapp statistics command 2-227 2-229 show interfaces dot11radio statistics command 2-50 defining the match criteria show ip igmp snooping groups command 2-162 show led flash 2-232 2-233 show radius local-server statistics
PAGE 337
Index username command 2-270 V vlan command 2-273 W warnings WISPr iii-vi 2-249 wlccp ap eap profile command wlccp ap username command 2-274 2-275 wlccp authentication-server command 2-276 wlccp wds aaa authentication mac-authen filter-cache command 2-277 wlccp wds mode wds-only command wlccp wds priority command 2-278 2-279 wlccp wnm ip address command 2-280 workgroup-bridge client-vlan command 2-281 workgroup-bridge timeouts assoc-response command 2-282 workgroup-bridge timeouts auth-res
PAGE 338
Index Cisco IOS Command Reference for Cisco Aironet Access Points and Bridges IN-6 0L-24115-01