- show Commands
- config Commands
- config ap flexconnect policy
- config ap flexconnect vlan
- config ap flexconnect vlan add
- config ap flexconnect vlan native
- config ap flexconnect vlan wlan
- config ap flexconnect web-auth
- config ap flexconnect web-policy acl
- config ap flexconnect wlan
- config flexconnect acl
- config flexconnect acl rule
- config flexconnect arp-caching
- config flexconnect group vlan
- config flexconnect group web-auth
- config flexconnect group web-policy
- config flexconnect join min-latency
- debug Commands
FlexConnect
Commands
show Commands
show ap flexconnect
To view the details of APs in FlexConnect mode, use the show ap flexconnect command.
show ap flexconnect module-vlan ap-name
Syntax Description
module-vlan |
Displays the status of FlexConnect local switching and VLAN ID value |
ap-name |
Cisco AP name |
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
show capwap reap association
To display the list of clients associated with an access point and their SSIDs, use the show capwap reap association command.
show capwap reap association
Syntax Description
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display clients associated to an access point and their SSIDs:
(Cisco Controller) >show capwap reap association
show capwap reap status
To display the status of the FlexConnect access point (connected or standalone), use the show capwap reap status command.
show capwap reap status
Syntax Description
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Usage Guidelines
The command shows only the VLAN when configured as AP-specific.
Examples
The following example shows how to display the status of the FlexConnect access point:
(Cisco Controller) >show capwap reap status
show flexconnect acl detailed
To display a detailed summary of FlexConnect access control lists, use the show flexconnect acl detailed command.
show flexconnect acl detailed acl-name
Syntax Description
Command Default
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display the FlexConnect detailed ACLs:
(Cisco Controller) >show flexconnect acl detailed acl-2
show flexconnect acl summary
To display a summary of all access control lists on FlexConnect access points, use the show flexconnect acl summary command.
show flexconnect acl summary
Syntax Description
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display the FlexConnect ACL summary:
(Cisco Controller) >show flexconnect acl summary ACL Name Status -------------------------------- ------- acl1 Modified acl10 Modified acl100 Modified acl101 Modified acl102 Modified acl103 Modified acl104 Modified acl105 Modified acl106 Modified
show flexconnect group detail
To display details of a FlexConnect group, use the show flexconnect group detail command.
show flexconnect group detail group_name [ module-vlan | aps]
Syntax Description
module-vlan |
Displays status of the FlexConnect local switching and VLAN ID in the group |
aps |
Displays list of APs that are part of the FlexConnect group |
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display the detailed information for a specific FlexConnect group:
(Cisco Controller) >show flexconnect group detail myflexgroup Number of Ap’s in Group: 1 00:0a:b8:3b:0b:c2 AP1200 Joined Group Radius Auth Servers: Primary Server Index ..................... Disabled Secondary Server Index ................... Disabled
show flexconnect group summary
To display the current list of FlexConnect groups, use the show flexconnect group summary command.
show flexconnect group summary
Syntax Description
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to display the current list of FlexConnect groups:
(Cisco Controller) >show flexconnect group summary flexconnect Group Summary: Count 1 Group Name # APs Group 1 1
config Commands
config ap flexconnect policy
To configure a policy ACL on a FlexConnect access point, use the config ap flexconnect policy command.
config ap flexconnect policy { add | delete} acl_name
Syntax Description
add |
Adds a policy ACL on a FlexConnect access point. |
deletes |
Deletes a policy ACL on a FlexConnect access point. |
acl_name |
Name of the ACL. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to add a policy ACL on a FlexConnect access point:
(Cisco Controller) >config ap flexconnect policy add acl1
config ap flexconnect vlan
To enable or disable VLAN tagging for a FlexConnect access, use the config ap flexconnect vlan command.
config ap flexconnect vlan { enable | disable} cisco_ap
Syntax Description
Command Default
Disabled. Once enabled, WLANs enabled for local switching inherit the VLAN assigned at the Cisco WLC.
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
This example shows how to enable the access point’s VLAN tagging for a FlexConnect access:
(Cisco Controller) >config ap flexconnect vlan enable AP02
config ap flexconnect vlan add
To add a VLAN to a FlexConnect access point, use the config ap flexconnect vlan add command.
config ap flexconnect vlan add vlan-id acl in-acl out-acl cisco_ap
Syntax Description
Inbound ACL name that contains up to 32 alphanumeric characters. |
|
Outbound ACL name that contains up to 32 alphanumeric characters. |
|
Command Default
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to configure the FlexConnect access point:
(Cisco Controller) >config ap flexconnect vlan add 21 acl inacl1 outacl1 ap1
config ap flexconnect vlan native
To configure a native VLAN for a FlexConnect access point, use the config ap flexconnect vlan native command.
config ap flexconnect vlan native vlan-id cisco_ap
Syntax Description
Command Default
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to configure a native VLAN for a FlexConnect access point mode:
(Cisco Controller) >config ap flexconnect vlan native 6 AP02
config ap flexconnect vlan wlan
To assign a VLAN ID to a FlexConnect access point, use the config ap flexconnect vlan wlan command.
config ap flexconnect vlan wlan wlan-id vlan-id cisco_ap
Syntax Description
Command Default
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to assign a VLAN ID to a FlexConnect access point:
(Cisco Controller) >config ap flexconnect vlan wlan 192.12.12.1 6 AP02
config ap flexconnect web-auth
To configure a FlexConnect ACL for external web authentication in locally switched WLANs, use the config ap flexconnect web-auth command.
config ap flexconnect web-auth wlan wlan_id cisco_ap acl_name { enable | disable }
Syntax Description
wlan |
Specifies the wireless LAN to be configured with a FlexConnect ACL. |
wlan_id |
Wireless LAN identifier between 1 and 512 (inclusive). |
cisco_ap |
Name of the FlexConnect access point. |
acl_name |
Name of the FlexConnect ACL. |
enable |
Enables the FlexConnect ACL on the locally switched wireless LAN. |
disable |
Disables the FlexConnect ACL on the locally switched wireless LAN. |
Command Default
FlexConnect ACL for external web authentication in locally switched WLANs is disabled.
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Usage Guidelines
The FlexConnect ACLs that are specific to an AP have the highest priority. The FlexConnect ACLs that are specific to WLANs have the lowest priority.
Examples
The following example shows how to enable FlexConnect ACL for external web authentication on WLAN 6:
(Cisco Controller) >config ap flexconnect web-auth wlan 6 AP2 flexacl2 enable
config ap flexconnect web-policy acl
To configure a Web Policy FlexConnect ACL on an access point, use the config ap flexconnect web-policy acl command.
config ap flexconnect web-policy acl { add | delete} acl_name
Syntax Description
add |
Adds a Web Policy FlexConnect ACL on an access point. |
delete |
Deletes Web Policy FlexConnect ACL on an access point. |
acl_name |
Name of the Web Policy FlexConnect ACL. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to add a Web Policy FlexConnect ACL on an access point:
(Cisco Controller) >config ap flexconnect web-policy acl add flexacl2
config ap flexconnect wlan
To configure a FlexConnect access point in a locally switched WLAN, use the config ap flexconnect wlan command.
config ap flexconnect wlan l2acl { add wlan_id cisco_ap acl_name | delete wlan_id cisco_ap}
Syntax Description
add |
Adds a Layer 2 ACL to the FlexConnect access point. |
wlan_id |
Wireless LAN identifier from 1 to 512. |
cisco_ap |
Name of the Cisco lightweight access point. |
acl_name |
Layer 2 ACL name. The name can be up to 32 alphanumeric characters. |
delete |
Deletes a Layer 2 ACL from the FlexConnect access point. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Usage Guidelines
-
You can create a maximum of 16 rules for a Layer 2 ACL.
-
You can create a maximum of 64 Layer 2 ACLs on a Cisco WLC.
-
A maximum of 16 Layer 2 ACLs are supported per AP because an AP supports a maximum of 16 WLANs.
-
Ensure that the Layer 2 ACL names do not conflict with the FlexConnect ACL names because an AP does not support the same Layer 2 and Layer 3 ACL names.
Examples
The following example shows how to configure a Layer 2 ACL on a FlexConnect AP.
(Cisco Controller) >config ap flexconnect wlan add 1 AP1600_1 acl_l2_1
config flexconnect acl
To apply access control lists that are configured on a FlexConnect access point, use the config flexconnect acl command.
config flexconnect acl { apply | create | delete} acl_name
Syntax Description
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to apply the ACL configured on a FlexConnect access point:
(Cisco Controller) >config flexconnect acl apply acl1
config flexconnect acl rule
To configure access control list (ACL) rules on a FlexConnect access point, use the config flexconnect acl rule command.
config flexconnect aclrule { action rule_name rule_index { permit | deny} | add rule_name rule_index | change index rule_name old_index new_index | delete rule_name rule_index | destination address rule_name rule_index ip_address netmask | destination port range rule_name rule_index start_port end_port | direction rule_name rule_index { in | out | any} | dscp rule_name rule_index dscp | protocol rule_name rule_index protocol | source address rule_name rule_index ip_address netmask | source port range rule_name rule_index start_port end_port | swap index rule_name index_1 index_2}
Syntax Description
Command Default
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
This example shows how to configure an ACL to permit access:
(Cisco Controller) >config flexconnect acl rule action lab1 4 permit
config flexconnect arp-caching
config flexconnect arp-caching { enable } disable}
Syntax Description
arp-caching enable |
Instructs the access point to save the ARP entry for a client in the cache and reply on its behalf of the client for locally switched WLAN. |
arp-caching disable |
Disables ARP caching. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to apply the proxy ARP with locally switched WLAN on FlexConnect APs.
(Cisco Controller) >config flexconnect arp-caching enable
config flexconnect group vlan
To configure VLAN for a FlexConnect group, use the config flexconnect group vlan command.
config flexconnect group group_name vlan { add vlan-id acl in-aclname out-aclname | delete vlan-id}
Syntax Description
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to add VLAN ID 1 for the FlexConnect group myflexacl where the in-bound ACL name is in-acl and the out-bound ACL is out-acl:
(Cisco Controller) >config flexconnect group vlan myflexacl vlan add 1 acl in-acl out-acl
config flexconnect group web-auth
To configure Web-Auth ACL for a FlexConnect group, use the config flexconnect group web-auth command.
config flexconnect group group_name web-auth wlan wlan-id acl acl-name { enable | disable}
Syntax Description
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to enable Web-Auth ACL webauthacl for the FlexConnect group myflexacl on WLAN ID 1:
(Cisco Controller) >config flexconnect group myflexacl web-auth wlan 1 acl webauthacl enable
config flexconnect group web-policy
To configure Web Policy ACL for a FlexConnect group, use the config flexconnect group web-policy command.
config flexconnect group group_name web-policy acl { add | delete} acl-name
Syntax Description
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to add the Web Policy ACL mywebpolicyacl to the FlexConnect group myflexacl:
(Cisco Controller) >config flexconnect group myflexacl web-policy acl add mywebpolicyacl
config flexconnect join min-latency
To enable or disable the access point to choose the controller with the least latency when joining, use the config flexconnect join min-latency command.
config flexconnect join min-latency { enable | disable} cisco_ap
Syntax Description
Enables the access point to choose the controller with the least latency when joining. |
|
Disables the access point to choose the controller with the least latency when joining. |
|
Command Default
The access point cannot choose the controller with the least latency when joining.
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Usage Guidelines
When you enable this feature, the access point calculates the time between the discovery request and discovery response and joins the controller that responds first.
This configuration overrides the HA setting on the controller, and is applicable only for OEAP access points.
Examples
The following example shows how to enable the access point to choose the controller with the least latency when joining:
(Cisco Controller) >config flexconnect join min-latency enable CISCO_AP
debug Commands
debug capwap reap
To configure the debugging of Control and Provisioning of Wireless Access Points (CAPWAP) settings on a FlexConnect access point, use the debug capwap reap command.
debug capwap reap [ mgmt | load]
Syntax Description
Command Default
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to configure the debugging of FlexConnect client authentication and association messages:
(Cisco Controller) >debug capwap reap mgmt
debug dot11 mgmt interface
To configure debugging of 802.11 management interface events, use the debug dot11 mgmt interface command.
debug dot11 mgmt interface
Syntax Description
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to debug 802.11 management interface events:
(Cisco Controller) >debug dot11 mgmt interface
debug dot11 mgmt msg
To configure debugging of 802.11 management messages, use the debug dot11 mgmt msg command.
debug dot11 mgmt msg
Syntax Description
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
This example shows how to debug dot11 management messages:
(Cisco Controller) >debug dot11 mgmt msg
debug dot11 mgmt ssid
To configure debugging of 802.11 SSID management events, use the debug dot11 mgmt ssid command.
debug dot11 mgmt ssid
Syntax Description
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to configure the debugging of 802.11 SSID management events:
(Cisco Controller) >debug dot11 mgmt ssid
debug dot11 mgmt state-machine
To configure debugging of the 802.11 state machine, use the debug dot11 mgmt state-machine command.
debug dot11 mgmt state-machine
Syntax Description
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to configure the debugging of 802.11 state machine:
(Cisco Controller) >debug dot11 mgmt state-machine
debug dot11 mgmt station
To configure the debugging of the management station settings, use the debug dot11 mgmt station command.
debug dot11 mgmt station
Syntax Description
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to configure the debugging of the management station settings:
(Cisco Controller) >debug dot11 mgmt station
debug flexconnect aaa
To configure debugging of FlexConnect backup RADIUS server events or errors, use the debug flexconnect aaa command.
debug flexconnect aaa { event | error} { enable | disable}
Syntax Description
Command Default
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to enable the debugging of FlexConnect RADIUS server events:
(Cisco Controller) >debug flexconnect aaa event enable
debug flexconnect acl
Configures debugging of FlexConnect access control lists (ACLs), use the debug flexconnect acl command.
debug flexconnect acl { enable | disable}
Syntax Description
Command Default
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to enable the debugging of FlexConnect ACLs:
(Cisco Controller) >debug flexconnect acl enable
debug flexconnect cckm
Configure debugging of FlexConnect Cisco Centralized Key Management (CCKM) fast roaming, use the debug flexconnect cckm command.
debug flexconnect cckm { enable | disable}
Syntax Description
Enables the debugging of FlexConnect CCKM fast roaming settings. |
|
Disables the debugging of FlexConnect CCKM fast roaming settings. |
Command Default
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to enable the debugging of FlexConnect CCKM fast roaming events:
(Cisco Controller) >debug flexconnect cckm event enable
debug flexconnect client ap
To debug FlexConnect client access point MAC addresses, use the debug flexconnect client ap command.
debug flexconnect client ap ap-name { add | delete} MAC-address1 MAC-address2 MAC-address3 MAC-address4
Syntax Description
add |
Adds the MAC address to the group. |
delete |
Deletes the MAC address from the group. |
MAC-address |
MAC address of the client |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to debug FlexConnect client ap 'room' MAC addresses:
(Cisco Controller) >debug flexconnect client ap room add 00.0c.41.07.33.a6 0A.0c.52.17.97.b6
debug flexconnect client ap syslog
To configure debug logging of the syslog server for a FlexConnect client AP, use the debug flexconnect client ap command.
debug flexconnect client ap ap-name syslog { ip-address | disable}
Syntax Description
ip-address |
Configures the syslog server ip-address for debug logging. |
disable |
Disables the debug logging to the syslog server. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to configure syslog server for debug log for the FlexConnect client AP 'room':
(Cisco Controller) >debug flexconnect client ap room syslog 192.168.1.1
debug flexconnect client group
To debug FlexConnect client group MAC addresses, use the debug flexconnect client group command.
debug flexconnect client group group-name { add | delete} MAC-address1 MAC-address2 MAC-address3 MAC-address4
Syntax Description
add |
Adds the MAC address to the group. |
delete |
Deletes the MAC address from the group. |
MAC-address |
MAC address of the client. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to debug FlexConnect client group MAC addresses:
(Cisco Controller) >debug flexconnect client group school add 00.0c.41.07.33.a6 0A.0c.52.17.97.b6
debug flexconnect client group syslog
To debug FlexConnect group access point syslog, use the debug flexconnect client group command.
debug flexconnect client group group-name syslog ip-address | disable
Syntax Description
ip-address |
Configures the syslog server ip-address for debug logging. |
disable |
Disables the debug logging to the syslog server. |
Command Default
None
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to configure FlexConnect client group 'school' for debug logging purposes:
(Cisco Controller) >debug flexconnect client group school syslog 192.168.1.1
debug flexconnect group
To configure debugging of FlexConnect access point groups, use the debug flexconnect group command.
debug flexconnect group { enable | disable}
Syntax Description
Command Default
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to enable the debugging of FlexConnect access point groups:
(Cisco Controller) >debug flexconnect group enable
debug pem
To configure debugging of the access policy manager, use the debug pem command.
debug pem { events | state} { enable | disable}
Syntax Description
Configures the debugging of the policy manager state machine. |
|
Command Default
Command History
Release | Modification |
---|---|
8.3 | This command was introduced. |
Examples
The following example shows how to enable the debugging of the access policy manager:
(Cisco Controller) >debug pem state enable