Configuration Commands: a to f

3gpp-info

To configure a 802.11u 3rd Generation Partnership Project (3GPP) cellular network used by hotspots, use the 3gpp-info command. To remove the network, use the no form of the command.

3gpp-info country-code network-code

Syntax Description

country-code

Mobile country code.

network-code

Mobile network code.

Command Default

None

Command Modes

Wireless ANQP Server Configuration (config-wireless-anqp-server)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.12.1

This command was introduced.

Examples

The following example shows how to configure a 802.11u 3GPP cellular network:

Device(config)# wireless hotspot anqp-server my-server
Device(config-wireless-anqp-server)# 3gpp-info us mcc  

aaa accounting identity

To enable authentication, authorization, and accounting (AAA) for IEEE 802.1x, MAC authentication bypass (MAB), and web authentication sessions, use the aaa accounting identity command in global configuration mode. To disable IEEE 802.1x accounting, use the no form of this command.

aaa accounting identity { name | default } start-stop { broadcast group { name | radius | tacacs+} [ group { name | radius | tacacs+} ... ] | group { name | radius | tacacs+} [ group { name | radius | tacacs+} ... ]}

no aaa accounting identity { name | default }

Syntax Description

name

Name of a server group. This is optional when you enter it after the broadcast group and group keywords.

default

Uses the accounting methods that follow as the default list for accounting services.

start-stop

Sends a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process. The start accounting record is sent in the background. The requested-user process begins regardless of whether or not the start accounting notice was received by the accounting server.

broadcast

Enables accounting records to be sent to multiple AAA servers and send accounting records to the first server in each group. If the first server is unavailable, the device uses the list of backup servers to identify the first server.

group

Specifies the server group to be used for accounting services. These are valid server group names:

  • name — Name of a server group.

  • radius — Lists of all RADIUS hosts.

  • tacacs+ — Lists of all TACACS+ hosts.

The group keyword is optional when you enter it after the broadcast group and group keywords. You can enter more than optional group keyword.

radius

(Optional) Enables RADIUS authorization.

tacacs+

(Optional) Enables TACACS+ accounting.

Command Default

AAA accounting is disabled.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

To enable AAA accounting identity, you need to enable policy mode. To enable policy mode, enter the authentication display new-style command in privileged EXEC mode.

Examples

This example shows how to configure IEEE 802.1x accounting identity:


Device# authentication display new-style

Please note that while you can revert to legacy style
configuration at any time unless you have explicitly
entered new-style configuration, the following caveats
should be carefully read and understood.

(1) If you save the config in this mode, it will be written
    to NVRAM in NEW-style config, and if you subsequently
    reload the router without reverting to legacy config and
    saving that, you will no longer be able to revert.

(2) In this and legacy mode, Webauth is not IPv6-capable. It
    will only become IPv6-capable once you have entered new-
    style config manually, or have reloaded with config saved
    in 'authentication display new' mode.

Device# configure terminal
Device(config)# aaa accounting identity default start-stop group radius

aaa accounting update periodic interval-in-minutes

To configure accounting update records intervals, use the aaa accounting update periodic command.

aaa accounting update periodic interval-in-minutes [ jitter maximum jitter-max-value]

Syntax Description

periodic

Send accounting update records at regular intervals.

<1-71582>

Periodic intervals to send accounting update records(in minutes)

jitter

Set jitter parameters for periodic interval

maximum

Set maximum jitter value for periodic interval (in seconds)

<0-2147483>

Maximum jitter value for periodic interval(in seconds). Default is 300 seconds.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure the interval to five minutes at which the accounting records are updated:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# aaa accounting update periodic 5

aaa authentication dot1x

To specify the authentication, authorization, and accounting (AAA) method to use on ports complying with the IEEE 802.1x authentication, use the aaa authentication dot1x command in global configuration mode . To disable authentication, use the no form of this command.

aaa authentication dot1x { default} method1

no aaa authentication dot1x { default} method1

Syntax Description

default

The default method when a user logs in. Use the listed authentication method that follows this argument.

method1

Specifies the server authentication. Enter the group radius keywords to use the list of all RADIUS servers for authentication.

Note

 

Though other keywords are visible in the command-line help strings, only the default and group radius keywords are supported.

Command Default

No authentication is performed.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

The method argument identifies the method that the authentication algorithm tries in the specified sequence to validate the password provided by the client. The only method that is IEEE 802.1x-compliant is the group radius method, in which the client data is validated against a RADIUS authentication server.

If you specify group radius , you must configure the RADIUS server by entering the radius-server host global configuration command.

Use the show running-config privileged EXEC command to display the configured lists of authentication methods.

Examples

This example shows how to enable AAA and how to create an IEEE 802.1x-compliant authentication list. This authentication first tries to contact a RADIUS server. If this action returns an error, the user is not allowed access to the network.


Device(config)# aaa new-model
Device(config)# aaa authentication dot1x default group radius

aaa authentication login

To set authentication, authorization, and accounting (AAA) at login, use the aaa authentication login command in global configuration mode.

aaa authentication login authentication-list-name { group } group-name

Syntax Description

authentication-list-name

Character string used to name the list of authentication methods activated when a user logs in.

group

Uses a subset of RADIUS servers for authentication as defined by the server group group-name .

group-name

Server group name.

Command Default

None

Command Modes

Global Configuration

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

The following example shows how to set an authentication method list named local_webauth to the group type named local in local web authentication:

Device(config)# aaa authentication login local_webauth local

The following example shows how to set an authentication method to RADIUS server group in local web authentication:

Device(config)# aaa authentication login webauth_radius group ISE_group

aaa authorization

To set the parameters that restrict user access to a network, use the aaa authorization command in global configuration mode. To remove the parameters, use the no form of this command.

aaa authorization { auth-proxy | cache | commands level | config-commands | configuration | console | credential-download | exec | multicast | network | onep | policy-if | prepaid | radius-proxy | reverse-access | subscriber-service | template} { default | list_name } [ method1 [ method2 ...]]

Syntax Description

auth-proxy

Runs authorization for authentication proxy services.

cache

Configures the authentication, authorization, and accounting (AAA) server.

commands

Runs authorization for all commands at the specified privilege level.

level

Specific command level that should be authorized. Valid entries are 0 through 15.

config-commands

Runs authorization to determine whether commands entered in configuration mode are authorized.

configuration

Downloads the configuration from the AAA server.

console

Enables the console authorization for the AAA server.

credential-download

Downloads EAP credential from Local/RADIUS/LDAP.

exec

Enables the console authorization for the AAA server.

multicast

Downloads the multicast configuration from the AAA server.

network

Runs authorization for all network-related service requests, including Serial Line Internet Protocol (SLIP), PPP, PPP Network Control Programs (NCPs), and AppleTalk Remote Access (ARA).

onep

Runs authorization for the ONEP service.

reverse-access

Runs authorization for reverse access connections, such as reverse Telnet.

template

Enables template authorization for the AAA server.

default

Uses the listed authorization methods that follow this keyword as the default list of methods for authorization.

list_name

Character string used to name the list of authorization methods.

method1 [ method2...]

(Optional) An authorization method or multiple authorization methods to be used for authorization. A method may be any one of the keywords listed in the table below.

Command Default

Authorization is disabled for all actions (equivalent to the method keyword none ).

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

Use the aaa authorization command to enable authorization and to create named methods lists, which define authorization methods that can be used when a user accesses the specified function. Method lists for authorization define the ways in which authorization will be performed and the sequence in which these methods will be performed. A method list is a named list that describes the authorization methods (such as RADIUS or TACACS+) that must be used in sequence. Method lists enable you to designate one or more security protocols to be used for authorization, which ensures a backup system in case the initial method fails. Cisco IOS software uses the first method listed to authorize users for specific network services; if that method fails to respond, the Cisco IOS software selects the next method listed in the method list. This process continues until there is successful communication with a listed authorization method, or until all the defined methods are exhausted.


Note


The Cisco IOS software attempts authorization with the next listed method only when there is no response from the previous method. If authorization fails at any point in this cycle--meaning that the security server or the local username database responds by denying the user services--the authorization process stops and no other authorization methods are attempted.


If the aaa authorization command for a particular authorization type is issued without a specified named method list, the default method list is automatically applied to all interfaces or lines (where this authorization type applies) except those that have a named method list explicitly defined. (A defined method list overrides the default method list.) If no default method list is defined, then no authorization takes place. The default authorization method list must be used to perform outbound authorization, such as authorizing the download of IP pools from the RADIUS server.

Use the aaa authorization command to create a list by entering the values for the list-name and the method arguments, where list-name is any character string used to name this list (excluding all method names) and method identifies the list of authorization methods tried in the given sequence.


Note


In the table that follows, the group group-name , group ldap , group radius , and group tacacs+ methods refer to a set of previously defined RADIUS or TACACS+ servers. Use the radius server and tacacs server commands to configure the host servers. Use the aaa group server radius , aaa group server ldap , and aaa group server tacacs+ commands to create a named group of servers.


This table describes the method keywords.

Table 1. aaa authorization Methods

Keyword

Description

cache group-name

Uses a cache server group for authorization.

group group-name

Uses a subset of RADIUS or TACACS+ servers for accounting as defined by the server group group-name command.

group ldap

Uses the list of all Lightweight Directory Access Protocol (LDAP) servers for authentication.

group radius

Uses the list of all RADIUS servers for authentication as defined by the aaa group server radius command.

grouptacacs+

Uses the list of all TACACS+ servers for authentication as defined by the aaa group server tacacs+ command.

if-authenticated

Allows the user to access the requested function if the user is authenticated.

Note

 

The if-authenticated method is a terminating method. Therefore, if it is listed as a method, any methods listed after it will never be evaluated.

local

Uses the local database for authorization.

none

Indicates that no authorization is performed.

Cisco IOS software supports the following methods for authorization:
  • Cache Server Groups—The router consults its cache server groups to authorize specific rights for users.

  • If-Authenticated—The user is allowed to access the requested function provided the user has been authenticated successfully.

  • Local—The router or access server consults its local database, as defined by the username command, to authorize specific rights for users. Only a limited set of functions can be controlled through the local database.

  • None—The network access server does not request authorization information; authorization is not performed over this line or interface.

  • RADIUS—The network access server requests authorization information from the RADIUS security server group. RADIUS authorization defines specific rights for users by associating attributes, which are stored in a database on the RADIUS server, with the appropriate user.

  • TACACS+—The network access server exchanges authorization information with the TACACS+ security daemon. TACACS+ authorization defines specific rights for users by associating attribute-value (AV) pairs, which are stored in a database on the TACACS+ security server, with the appropriate user.

Method lists are specific to the type of authorization being requested. AAA supports five different types of authorization:

  • Commands—Applies to the EXEC mode commands a user issues. Command authorization attempts authorization for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.

  • EXEC—Applies to the attributes associated with a user EXEC terminal session.

  • Network—Applies to network connections. The network connections can include a PPP, SLIP, or ARA connection.


    Note


    You must configure the aaa authorization config-commands command to authorize global configuration commands, including EXEC commands prepended by the do command.


  • Reverse Access—Applies to reverse Telnet sessions.

  • Configuration—Applies to the configuration downloaded from the AAA server.

When you create a named method list, you are defining a particular list of authorization methods for the indicated authorization type.

Once defined, the method lists must be applied to specific lines or interfaces before any of the defined methods are performed.

The authorization command causes a request packet containing a series of AV pairs to be sent to the RADIUS or TACACS daemon as part of the authorization process. The daemon can do one of the following:

  • Accept the request as is.

  • Make changes to the request.

  • Refuse the request and authorization.

For a list of supported RADIUS attributes, see the module RADIUS Attributes. For a list of supported TACACS+ AV pairs, see the module TACACS+ Attribute-Value Pairs.

Note


Five commands are associated with privilege level 0: disable , enable , exit , help , and logout . If you configure AAA authorization for a privilege level greater than 0, these five commands will not be included in the privilege level command set.


Examples

The following example shows how to define the network authorization method list named mygroup, which specifies that RADIUS authorization will be used on serial lines using PPP. If the RADIUS server fails to respond, local network authorization will be performed.


Device(config)#  aaa authorization network mygroup group radius local

aaa authorization credential download default

To set an authorization method list to use local credentials, use the aaa authorization credential download default command in global configuration mode.

aaa authorization credential download default group-name

Syntax Description

group-name

Server group name.

Command Default

None

Command Modes

Global Configuration

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

The following example shows how to set an authorization method list to use local credentials:

Device(config)# aaa authorization credential-download default local

aaa group server ldap

To configure a AAA server group, use the aaa group server ldap command.

aaa group server ldap group-name

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Fuji 16.9.1

This command was introduced.

Examples

This example shows how to configure a AAA server group:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# aaa new-model
Device(config)# aaa group server ldap name1
Device(config-ldap-sg)# server server1
Device(config-ldap-sg)# exit

aaa group server radius

To group different RADIUS server hosts into distinct lists and distinct methods, use the aaa group server radius command in global configuration mode.

aaa group server radius group-name

Syntax Description

group-name

Character string used to name the group of servers.

Command Default

None

Command Modes

Global configuration

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

The authentication, authorization, and accounting (AAA) server-group feature introduces a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service.

A group server is a list of server hosts of a particular type. Currently supported server host types are RADIUS server hosts. A group server is used in conjunction with a global server host list. The group server lists the IP addresses of the selected server hosts.

Examples

The following example shows how to configure an AAA group server named ISE_Group that comprises three member servers:

Device(config)# aaa group server radius ISE_Group

aaa local authentication default authorization

To configure local authentication method list, use the aaa local authentication default authorization command.

aaa local authentication default authorization [ method-list-name | default]

Syntax Description

method-list-name

Name of the method list.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure local authentication method list to the default list:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# aaa local authentication default authorization default

aaa new-model

To enable the authentication, authorization, and accounting (AAA) access control model, issue the aaa new-model command in global configuration mode. To disable the AAA access control model, use the no form of this command.

aaa new-model

no aaa new-model

Syntax Description

This command has no arguments or keywords.

Command Default

AAA is not enabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

This command enables the AAA access control system.

If the login local command is configured for a virtual terminal line (VTY), and the aaa new-model command is removed, you must reload the device to get the default configuration or the login command. If the device is not reloaded, the device defaults to the login local command under the VTY.


Note


We do not recommend removing the aaa new-model command.
The following example shows this restriction:
Device(config)# aaa new-model
Device(config)# line vty 0 15
Device(config-line)# login local
Device(config-line)# exit
Device(config)# no aaa new-model
Device(config)# exit 
Device# show running-config | b line vty

line vty 0 4
 login local  !<=== Login local instead of "login"
line vty 5 15
 login local
!

Examples

The following example initializes AAA:


Device(config)# aaa new-model
Device(config)# 

aaa server radius dynamic-author

To configure a device as an authentication, authorization, and accounting (AAA) server to facilitate interaction with an external policy server, use the aaa server radius dynamic-author command in global configuration mode. To remove this configuration, use the no form of this command.

aaa server radius dynamic-author

no aaa server radius dynamic-author

Syntax Description

This command has no arguments or keywords.

Command Default

The device will not function as a server when interacting with external policy servers.

Command Modes

Global configuration

Command History

Release

Modification

12.2(28)SB

This command was introduced.

12.4

This command was integrated into Cisco IOS Release 12.4.

Cisco IOS XE Release 2.6

This command was integrated into Cisco IOS XE Release 2.6.

12.2(5)SXI

This command was integrated into Cisco IOS Release 12.2(5)SXI.

15.2(2)T

This command was integrated into Cisco IOS Release 15.2(2)T.

This command was introduced.

Usage Guidelines

Dynamic authorization allows an external policy server to dynamically send updates to a device. Once the aaa server radius dynamic-author command is configured, dynamic authorization local server configuration mode is entered. Once in this mode, the RADIUS application commands can be configured.

Dynamic Authorization for the Intelligent Services Gateway (ISG)

ISG works with external devices, referred to as policy servers, that store per-subscriber and per-service information. ISG supports two models of interaction between the ISG device and external policy servers: initial authorization and dynamic authorization.

The dynamic authorization model allows an external policy server to dynamically send policies to the ISG. These operations can be initiated in-band by subscribers (through service selection) or through the actions of an administrator, or applications can change policies on the basis of an algorithm (for example, change session quality of service (QoS) at a certain time of day). This model is facilitated by the Change of Authorization (CoA) RADIUS extension. CoA introduced peer-to-peer capability to RADIUS, enabling ISG and the external policy server each to act as a RADIUS client and server.

Examples

The following example configures the ISG to act as a AAA server when interacting with the client at IP address 10.12.12.12:


aaa server radius dynamic-author
 client 10.12.12.12 key cisco
 message-authenticator ignore

aaa session-id

To specify whether the same session ID will be used for each authentication, authorization, and accounting (AAA) accounting service type within a call or whether a different session ID will be assigned to each accounting service type, use the aaa session-id command in global configuration mode. To restore the default behavior after the unique keyword is enabled, use the no form of this command.

aaa session-id [common | unique]

no aaa session-id [unique]

Syntax Description

common

(Optional) Ensures that all session identification (ID) information that is sent out for a given call will be made identical. The default behavior is common .

unique

(Optional) Ensures that only the corresponding service access-requests and accounting-requests will maintain a common session ID. Accounting-requests for each service will have a different session ID.

Command Default

The common keyword is enabled.

Command Modes


Global configuration

Command History

Release

Modification

12.2(4)B

This command was introduced.

12.2(8)T

This command was integrated into Cisco IOS Release 12.2(8)T.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

This command was integrated in Cisco IOS XE 16.12.1.

Usage Guidelines

The common keyword behavior allows the first session ID request of the call to be stored in a common database; all proceeding session ID requests will retrieve the value of the first session ID. Because a common session ID is the default behavior, this functionality is written to the system configuration after the aaa new-model command is configured.


Note


The router configuration will always have either the aaa session-id common or the aaa session-id unique command enabled; it is not possible to have neither of the two enabled. Thus, the no aaa session-id unique command will revert to the default functionality, but the no aaa session-id common command will not have any effect because it is the default functionality.


The unique keyword behavior assigns a different session ID for each accounting type (Auth-Proxy, Exec, Network, Command, System, Connection, and Resource) during a call. To specify this behavior, the unique keyword must be specified. The session ID may be included in RADIUS access requests by configuring the radius-server attribute 44 include-in-access-req command. The session ID in the access-request will be the same as the session ID in the accounting request for the same service; all other services will provide unique session IDs for the same call.

Examples

The following example shows how to configure unique session IDs:


aaa new-model
aaa authentication ppp default group radius
radius-server host 10.100.1.34
radius-server attribute 44 include-in-access-req
aaa session-id unique

aaa-override

To enable AAA override, use the aaa-override command. To disable AAA override, use the no form of this command.

aaa-override

no aaa-override

Syntax Description

This command has no keywords or arguments.

Command Default

AAA is disabled by default.

Command Modes

Wireless policy configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to enable AAA:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wireless profile policy policy-test
Device(config-wireless-policy)# aaa-override

aaa-override vlan fallback

To allow fallback to policy profile VLAN when the overridden VLAN is not available, use the aaa-override vlan fallback command, in the wireless policy configuration mode. To disable fallback to policy profile VLAN, use the no form of this command.

aaa-override vlan fallback

no aaa-override vlan fallback

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Wireless policy configuration mode

Command History

Release Modification
Cisco IOS XE Bengaluru 17.6.1

This command was introduced.

Usage Guidelines

None

Examples

The following example shows you how to allow fallback to policy profile VLAN when the overridden VLAN is not available:

Device# configure terminal
Device(config)# wireless profile policy defalt-policy-profile 
Device(config-wireless-policy)# aaa-override vlan fallback

aaa-policy

To map a AAA policy in a WLAN policy profile, use the aaa-policy command.

aaa-policy aaa-policy-name

Syntax Description

aaa-policy-name

Name of the AAA policy.

Command Default

None

Command Modes

config-wireless-policy

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to map a AAA policy in a WLAN policy profile:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wireless profile policy policy-name
Device(config-wireless-policy)# aaa-policy aaa-policy-name

aaa-realm enable

To enable AAA RADUIS selection by realm, use the aaa-realm enable command.

aaa-realm enable

Command Default

None

Command Modes

config-aaa-policy

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to enable AAA RADIUS section by realm:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wireless aaa policy aaa-profile-name
Device (config-aaa-policy)#  aaa-realm enable

absolute-timer

To enable an absolute timeout for subscriber sessions, use the absolute-timer command in service template configuration mode. To disable the timer, use the no form of this command.

absolute-timer minutes

no absolute-timer

Syntax Description

minutes

Maximum session duration, in minutes. Range: 1 to 65535. Default: 0, which disables the timer.

Command Default

Disabled (the absolute timeout is 0).

Command Modes

Service template configuration (config-service-template)

Command History

Release

Modification

Cisco IOS XE Release 3.2SE

This command was introduced.

Usage Guidelines

Use the absolute-timer command to limit the number of minutes that a subscriber session can remain active. After this timer expires, a session must repeat the process of establishing its connection as if it were a new request.

Examples

The following example shows how to set the absolute timeout to 15 minutes in the service template named SVC_3:

service-template SVC_3
 description sample
 access-group ACL_2
 vlan 113
 inactivity-timer 15
 absolute-timer 15

access-list

To add an access list entry, use the access-list command.

access-list {1-99 | 100-199 | 1300-1999 | 2000-2699 }[ sequence-number] { deny | permit } { hostname-or-ip-addr [wildcard-bits | log] | any [ log] | host hostname-or-ip-addr log} | { remark [ line]}

Syntax Description

1-99

Configures IP standard access list.

100-199

Configures IP extended access list.

1300-1999

Configures IP standard access list (expanded range).

2000-2699

Configures IP extended access list (expanded range).

sequence-number

Sequence number of the ACL entry. Valid range is 1 to 2147483647.

deny

Configures packets to be rejected.

permit

Configures packets to be forwarded.

hostname-or-ip-addr

Hostname or the IP address to match.

wildcard-bits

Wildcard bits to match the IP address.

log

Configures log matches against this entry.

any

Any source host.

host

A single host address.

remark

Configures ACL entry comment.

line

The ACL entry comment.

Command Default

None

Command Modes

Global Config

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to add an access list entry:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# access-list 1 permit any

access-list acl-ace-limit

To set the maximum configurable ace limit for all ACLs, use the access-list acl-ace-limit command.

access-list acl-ace-limit max-ace-limit

Syntax Description

max-ace-limit

Maximum number of ace limit for all ACLs. Valid range is 1 to 4294967295.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to set the maximum configurable ace limit for all ACLs to 100:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# access-list acl-ace-limit 100

accounting-list

To configure RADIUS accounting servers on a WLAN policy profile, use the accounting-list command. To disable RADIUS server accounting, use the no form of this command.

accounting-list radius-server-acct

no accounting-list

Syntax Description

radius-server-acct

Accounting RADIUS server name.

Command Default

RADIUS server accounting is disabled by default.

Command Modes

WLAN policy configuration

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Examples

This example shows how to configure RADIUS server accounting on a WLAN policy profile:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wireless profile policy rr-xyz-policy-1
Device(config-wireless-policy)# accounting-list test
Device(config-wireless-policy)# no shutdown

This example shows how to disable RADIUS server accounting on a WLAN policy profile:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wireless profile policy rr-xyz-policy-1
Device(config-wireless-policy)# no accounting-list test
Device(config-wireless-policy)# no shutdown

acl-policy

To configure an access control list (ACL) policy, use the acl-policy command.

acl-policy acl-policy-name

Syntax Description

acl-policy-name

Name of the ACL policy.

Command Default

None

Command Modes

config-wireless-flex-profile

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure an ACL policy name:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wireless profile flex default-flex-profile
Device(config-wireless-flex-profile)# acl-policy my-acl-policy

action power-saving-mode power-profile

To map a specific power profile to a specific calendar profile and to map the power saving mode action for the calendar profile, use the action power-saving-mode power-profile command. Use the no form of this command to disable the command.

action power-saving-mode power-profile power-profile-name

[no] action power-saving-mode power-profile power-profile-name

Syntax Description

power-profile-name

Specifies the name of the power profile.

Command Default

None

Command Modes

AP calendar profile configuration mode.

Command History

Release Modification
Cisco IOS XE Cupertino 17.8.1

This command was introduced.

Examples

The following example shows how to map a specific power profile to a specific calendar profile and to map the power saving mode action for the calendar profile:

Device(config)# ap profile ap-profile-name
Device(config-ap-profile)# calendar-profile ap-calendar-profile
Device(config-ap-profile-calendar)# action power-saving-mode power-profile power-profile1

address

To specify the IP address of the Rivest, Shamir, and Adelman (RSA) public key of the remote peer that you will manually configure in the keyring, use the address command in rsa-pubkey configuration mode. To remove the IP address, use the no form of this command.

address ip-address

no address ip-address

Syntax Description

ip-address

IP address of the remote peer.

Command Default

No default behavior or values

Command Modes


Rsa-pubkey configuration

Command History

Release

Modification

11.3 T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.6

This command was integrated into Cisco IOS XE Release 2.6.

Usage Guidelines

Before you can use this command, you must enter the rsa-pubkey command in the crypto keyring mode.

Examples

The following example specifies the RSA public key of an IP Security (IPSec) peer:


Router(config)# crypto keyring vpnkeyring
Router(conf-keyring)# rsa-pubkey name host.vpn.com
Router(config-pubkey-key)# address 10.5.5.1
Router(config-pubkey)# key-string
Router(config-pubkey)# 00302017 4A7D385B 1234EF29 335FC973
Router(config-pubkey)# 2DD50A37 C4F4B0FD 9DADE748 429618D5
Router(config-pubkey)# 18242BA3 2EDFBDD3 4296142A DDF7D3D8
Router(config-pubkey)# 08407685 2F2190A0 0B43F1BD 9A8A26DB
Router(config-pubkey)# 07953829 791FCDE9 A98420F0 6A82045B
Router(config-pubkey)# 90288A26 DBC64468 7789F76E EE21
Router(config-pubkey)# quit
Router(config-pubkey-key)# exit
Router(conf-keyring)# exit

address

To configure Software-Defined Application Visibility and Control (SD-AVC) controller IP address, use the address command. To remove the SD-AVC controller IP address, use the no form of this command.

address ipv4-address

no address

Syntax Description

ipv4-address

IPv4 address of the SD-AVC controller.

Command Default

Controller IP address is not configured.

Command Modes

SD Service Controller Configuration (config-sd-service-controller)

Command History

Release Modification
Cisco IOS XE Cupertino 17.7.1

This command was introduced.

Usage Guidelines

Supports only IPv4 address.

Examples

The following example shows how to configure SD-AVC controller IP address:

Device# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
VM1(config)# avc sd-service 
Device(config-sd-service)# controller
Device(config-sd-service-controller)# address 209.165.201.0

address prefix

To specify an address prefix for address assignment, use the address prefix command in interface configuration mode. To remove the address prefix, use the no form of this command.

address prefix ipv6-prefix [lifetime {valid-lifetime preferred-lifetime | infinite}]

no address prefix

Syntax Description

ipv6-prefix

IPv6 address prefix.

lifetime {valid-lifetime preferred-lifetime | infinite}]

(Optional) Specifies a time interval (in seconds) that an IPv6 address prefix remains in the valid state. If the infinite keyword is specified, the time interval does not expire.

Command Default

No IPv6 address prefix is assigned.

Command Modes


DHCP pool configuration (config-dhcpv6)

Command History

Release

Modification

12.4(24)T

This command was introduced.

Usage Guidelines

You can use the address prefix command to configure one or several address prefixes in an IPv6 DHCP pool configuration. Each time the IPv6 DHCP address pool is used, an address will be allocated from each of the address prefixes associated with the IPv6 DHCP pool.

Examples

The following example shows how to configure a pool called engineering with an IPv6 address prefix:


Router(config)# ipv6 dhcp pool engineering
Router(config-dhcpv6)# address prefix 2001:1000::0/64 lifetime infinite

advice-charge

To configure advice of charge for using the service set identifier (SSID) of each of the Network Access Identifier (NAI) realm, use the advice-charge command. To remove the advice of charge, use the no form of this command.

advice-charge { data | time | time-and-data | unlimited}

Syntax Description

data

Specifies charges based on the data volume.

time

Specifies charges based on time.

time-and-data

Specifies charges based on time and data volume.

unlimited

Specifies charges for unlimited access.

Command Default

Advice of charge is not configured.

Command Modes

Wireless ANQP Server Configuration (config-wireless-anqp-server)

Command History

Release Modification
Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Examples

The following example shows how to configure advice of charge for using the SSID of each NAI realm:

Device(config)# wireless hotspot anqp-server my-server
Device(config-wireless-anqp-server)# advice-charge unlimited

airtime-fairness mode


Note


Cisco Air Time Fairness (ATF) must be enabled on 2.4- or 5-GHz radios separately.


To configure airtime-fairness in different modes, use the airtime-fairness mode command.

airtime-fairness mode{ enforce-policy | monitor}

Syntax Description

enforce-policy

This mode signifies that the ATF is operational.

monitor

This mode gathers information about air time and reports air time usage.

Command Default

None

Command Modes

RF Profile configuration (config-rf-profile)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to configure air time fairness in different modes:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 24ghz rf-profile rfprof24_1
Device(config-rf-profile)# airtime-fairness mode enforce-policy
Device(config-rf-profile)# airtime-fairness optimization
Device(config-rf-profile)# end

allow at-least min-number at-most max-number

To limit the number of multicast RAs per device per throttle period in an RA throttler policy, use the allow at-least min-number at-most max-number command.

allow at-least min-number at-most {max-number | no-limit}

Syntax Description

at-least min-number

Enter the minimum guaranteed number of multicast RAs per router before throttling can be enforced. Valid range is 0 to 32.

at-most max-number

Enter the maximum number of multicast RAs from router by which throttling is enforced. Valid range is 0 to 256.

at-most no-limit

No upper bound at the router level.

Command Default

None

Command Modes

config-nd-ra-throttle

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to limit the number of multicast RAs per device per throttle period in an RA throttler policy:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ipv6 nd ra-throttler policy ra-throttler-policy-name
Device(config-nd-ra-throttle)# allow at-least 5 at-most 10

amsdu (mesh)

To configure backhaul aggregated MAC service data unit (A-MSDU) for a mesh AP profile, use the amsdu command.

amsdu

Syntax Description

This command has no keywords or arguments.

Command Default

amsdu is enabled.

Command Modes

config-wireless-mesh-profile

Command History

Release Modification
Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

The following example shows how to configure A-MSDU for a mesh AP profile:

Device # configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device (config)# wireless profile mesh mesh-profile
Device (config-wireless-mesh-profile)# amsdu

anqp

To configure the Generic Advertisement Service (GAS) or the Access Network Query Protocol (ANQP) protocol settings, use the anqp command. To remove the protocol settings, use the no form of the command .

anqp { fragmentation-threshold fragmentation-threshold | gas-timeout gas-timeout}

Syntax Description

fragmentation-threshold

ANQP reply fragmentation threshold, in bytes. Valid range is from 16-1462.

gas-timeout

GAS request timeout, in milliseconds. Valid range is from 100-10000.

Command Default

None

Command Modes

Wireless ANQP Server Configuration (config-wireless-anqp-server)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.12.1

This command was introduced.

Examples

The following example shows how to configure GAS request timeout:

Device(config)# wireless hotspot anqp-server my-server
Device(config-wireless-anqp-server)# anqp gas-timeout 100   

anqp-domain-id

To configure the Hotspot 2.0 Access Network Query Protocol (ANQP) domain identifier, use the anqp-domain-id command. To remove the domain identifier, use the no form of the command .

anqp-domain-id domain-id

Syntax Description

domain-id

ANQP domain ID. The range is from 0 to 65535.

Command Default

None

Command Modes

Wireless ANQP Server Configuration (config-wireless-anqp-server)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.12.1

This command was introduced.

Examples

The following example shows how to configure the Hotspot 2.0 ANQP domain identifier:

Device(config)#wireless hotspot anqp-server my-server
Device(config-wireless-anqp-server)# anqp-domain-id 100   

antenna beam-selection

To configure beam selection of the antenna, use the antenna beam-selection command, in the wireless radio profile configuration mode. Use the no form of this command to disable the feature.

antenna beam-selection { narrow tilt { 10 | 20 } | wide }

Syntax Description

narrow tilt{ 10 | 20}

Configures the tilt degrees for narrow beam selection. You can configure it for 10 degrees or 20 degrees tilt.

10 | 20

Configures the tilt degree of the narrow beam selection for 10 degrees or 20 degrees.

wide

Configures the wide beam selection.

Command Default

None

Command Modes

Wireless radio profile configuration mode

Command History

Release Modification
Cisco IOS XE Bengaluru 17.6.1

This command was introduced.

Usage Guidelines

None

Examples

The following example shows how to configure the beam selection of the antenna:

Device# configure terminal
Device(config)# wireless profile radio radio-profile-name
Device(config-wireless-profile)# antenna beam-selection narrow tilt 10

antenna count

To configure the number of antennas to be enabled under a radio profile, use the antenna count command, in the radio profile configuration mode. To disable the number of antennas configured, use the no form of this command.

antenna count 0 - 8

Syntax Description

0-8

Specifies the antenna count.

Command Default

None

Command Modes

Wireless radio profile configuration mode

Command History

Release Modification
Cisco IOS XE Bengaluru 17.6.1

This command was introduced.

Usage Guidelines

None

Examples

The following example shows you how to configure the number of antennas to be enabled under a radio profile:

Device# configure terminal
Device(config)# wireless profile radio radio-profile-name
Device(config-wireless-radio-profile)# antenna count 4

antenna monitoring

To configure antenna disconnection detection, use the antenna monitoring command. To disable antenna disconnection detection, use the no form of this command.

antenna monitoring [ rssi-failure-threshold threshold-value | weak-rssi weak-rssi-value | detection-time detect-time-in-mins ]

no antenna monitoring

Syntax Description

rssi-failure-threshold threshold-value

Configures RSSI failure threshold value, in dB. Valid values range from 10 to 90, with a default of 40.

The threshold-value determines the signal strength delta across the received antennas of the AP.

weak-rssi weak-rssi-value

Configures weak RSSI value, in dBm. Valid values range from -90 to -10, with a default of 60.

If the RSSI received by the AP is greater or equal to the configured weak-rssi-value , the antenna is considered as broken. Configuration of the weak-rssi-value is based on the deployment of the neighbor AP distance.

detection-time detect-time-in-mins

Configures the antenna disconnection detection time, in minutes. Valid values range from 9 to 180, with a default of 120.

The detect-time-in-mins is used to monitor the signal strength (both weak-rssi-value and threshold-value criteria) before flagging it as a problem.

Command Default

Antenna monitoring is not enabled.

Command Modes

AP profile configuration (config-ap-profile)

Command History

Release Modification
Cisco IOS XE Bengaluru 17.4.1

This command was introduced.

Usage Guidelines

This command is supported only on the following APs:

  • Cisco Catalyst 9120AX Series Access Points

  • Cisco Catalyst 9130AX Series Access Points

  • Cisco Aironet 2800e Access Points

  • Cisco Aironet 3800e Access Points

Examples

The following example shows how to enable antenna disconnection detection:

Device# configure terminal
Device(config)# ap profile xyz-ap-profile
Device(config-ap-profile)# antenna monitoring

ap

To configure cisco APs, use the ap command.

ap mac-address

Syntax Description

mac-address

Ethernet MAC address of the AP.

Command Default

None

Command Modes

config

Command History

Release Modification
Cisco IOS XE Everest 16.6.1

This command was introduced.

Usage Guidelines

none.

Examples

The following example shows how to configure a Cisco AP:

Device(config)# ap F866.F267.7DFB

ap audit-report

To enable or configure AP audit reporting, use the ap audit-report command.

ap audit-report {enable | interval interval}

Syntax Description

enable

Enables AP audit reporting.

interval

Configures the AP audit report interval.

interval

AP audit report interval, in minutes. Default is 1440. The valid range is from 0 to 43200.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Example

The following example shows how to configure AP audit report interval:

Device(config)# ap audit-report interval 1300

ap auth-list

To configure the AP authorization list, use the ap auth-list command in the global configuration mode. To disable the AP authorization list, use the no form of this command.

ap auth-list { authorize-mac | authorize-serialNum | method-list method-list-name}

no ap auth-list { authorize-mac | authorize-serialNum | method-list method-list-name}

Syntax Description

authorize-mac

Configures the AP authorization policy with MAC.

auhorize-serialNum

Configures the AP authorization policy with the serial number.

method-list

Configures the AP authorization method list.

method-list-name

Indicates the method list name.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco IOS XE Gibraltar 16.11.1

This command was introduced.

Examples

The following example shows how to configure the AP authorization policy with serial number:

Device(config) #ap auth-list authorize-serialNum

ap auth-list ap-cert-policy allow-mic-ap

To enable the AP certificate policy during CAPWAP-DTLS handshake, use the ap auth-list ap-cert-policy allow-mic-ap command, in the global configuration mode. To disable the AP certificate policy during CAPWAP-DTLS handshake, use the no form of this command.

ap auth-list ap-cert-policy allow-mic-ap

no ap auth-list ap-cert-policy allow-mic-ap

Syntax Description

This command has no arguments or keywords.

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco IOS XE Bengaluru 17.5.1

This command was introduced.

Examples

The following example shows how to configure AP certificate policy during CAPWAP-DTLS handshake:

Device# configure terminal
Device(config)# ap auth-list ap-cert-policy 
Device(config)# ap auth-list ap-cert-policy allow-mic-ap  

ap auth-list ap-cert-policy allow-mic-ap trustpoint

To configure the trustpoint name for the controller certificate chain, use the ap auth-list ap-cert-policy allow-mic-ap trustpoint command, in the global configuration mode. To disable the feature, use the no form of the command.

ap auth-list ap-cert-policy allow-mic-ap trustpoint

no ap auth-list ap-cert-policy allow-mic-ap trustpoint

Syntax Description

trustpoint-name

Specifies the trustpoint name for the wireless controller certificate chain.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco IOS XE Bengaluru 17.5.1

This command was introduced.

Examples

The following example shows how to the trustpoint name for the controller certificate chain:

Device# configure terminal
Device(config)# ap auth-list ap-cert-policy 
Device(config)# ap auth-list ap-cert-policy allow-mic-ap trustpoint trustpoint-name  

ap auth-list ap-cert-policy mac-address MAC-address | serial-number AP-serial-number policy-type mic

To configure the AP certificate policy based on the Ethernet MAC address or based on the assembly serial number of the AP, use the ap auth-list ap-cert-policy {mac-address H.H.H | serial-number AP-serial-number} policy-type mic command. Use the no form of this command to disable the feature.

ap auth-list ap-cert-policy { mac-address H.H.H | serial-number AP-serial-number } policy-type mic

no ap auth-list ap-cert-policy { mac-address H.H.H | serial-number AP-serial-number } policy-type mic

Syntax Description

ap auth-list Configure the authorization list of the Access Point.
ap-cert-policy

Specifies the AP Certificate Policy during CAPWAP DTLS.

mac-address MAC-address

Configures AP cert policy based on Ethernet MAC.

serial-number AP-serial-number

Configure AP cert policy based on Serial Number.

policy-type

Configures AP certificate policy type.

mic

Selects MIC AP policy.

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco IOS XE Bengaluru 17.5.1

This command was introduced.

Examples

The following example shows how to configure the AP certificate policy based on the Ethernet MAC address or based on the assembly serial number of the AP:

Device# configure terminal
Device(config)# ap auth-list ap-cert-policy mac-address 10.1.1 policy-type mic
 
Device(config)# ap auth-list ap-cert-policy serial-number ap-serial-number policy-type mic 

ap auth-list ap-policy

To configure authorization policy for all Cisco lightweight access points joined to the device, use the ap auth-list ap-policy command. To disable authorization policy for all Cisco lightweight access points joined to the device, use the no form of this command.

ap auth-list ap-policy {authorize-ap | lsc | mic | ssc}

no ap auth-list ap-policy {authorize-ap | lsc | mic | ssc}

Syntax Description

authorize-ap

Enables the authorization policy.

lsc

Enables access points with locally significant certificates to connect.

mic

Enables access points with manufacture-installed certificates to connect.

ssc

Enables access points with self signed certificates to connect.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to enable the access point authorization policy:

Device(config)# ap auth-list ap-policy authorize-ap

This example shows how to enable access points with locally significant certificates to connect:

Device(config)# ap auth-list ap-policy lsc

This example shows how to enable access points with manufacture-installed certificates to connect:

Device(config)# ap auth-list ap-policy mic

This example shows how to enable access points with self-signed certificates to connect:

Device(config)# ap auth-list ap-policy ssc

ap capwap multicast

To configure the multicast address used by all access points to receive multicast traffic when multicast forwarding is enabled and to configure the outer Quality of Service (QoS) level of those multicast packets sent to the access points, use the ap capwap multicast command.

ap capwap multicast {multicast-ip-address | service-policy output pollicymap-name}

Syntax Description

multicast-ip-address

Multicast IP address.

service-policy

Specifies the tunnel QoS policy for multicast access points.

output

Assigns a policy map name to the output.

policymap-name

Service policy map name.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to configure a multicast address used by all access points to receive multicast traffic when multicast forwarding is enabled:


Device(config)# ap capwap multicast 239.2.2.2

This example shows how to configure a tunnel multicast QoS service policy for multicast access points:


Device(config)# ap capwap multicast service-policy output tunnmulpolicy

ap capwap retransmit

To configure Control and Provisioning of Wireless Access Points (CAPWAP) control packet retransmit count and control packet retransmit interval under the AP profile, use the ap capwap retransmit command.

ap profile default-ap-profile

ap capwap retransmit {count retransmit-count | interval retransmit-interval}

Syntax Description

count retransmit-count

Specifies the access point CAPWAP control packet retransmit count.

Note

 

The count is from 3 to 8 seconds.

interval retransmit-interval

Specifies the access point CAPWAP control packet retransmit interval.

Note

 

The interval is from 2 to 5 seconds.

Command Default

None

Command Modes

AP profile configuration (config-ap-profile)

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to configure the CAPWAP control packet retransmit count for an access point:

Device# ap capwap retransmit count 3

This example shows how to configure the CAPWAP control packet retransmit interval for an access point:

Device# ap capwap retransmit interval 5

ap capwap timers

To configure advanced timer settings under the AP profile mode, use the ap capwap timers command.

ap profile default-ap-profile

ap capwap timers {discovery-timeout seconds | fast-heartbeat-timeout local seconds | heartbeat-timeout seconds | primary-discovery-timeout seconds | primed-join-timeout seconds}

Syntax Description

discovery-timeout

Specifies the Cisco lightweight access point discovery timeout.

Note

 

The Cisco lightweight access point discovery timeout is how long a Cisco device waits for an unresponsive access point to answer before considering that the access point failed to respond.

seconds

Cisco lightweight access point discovery timeout from 1 to 10 seconds.

Note

 

The default is 10 seconds.

fast-heartbeat-timeout local

Enables the fast heartbeat timer that reduces the amount of time it takes to detect a device failure for local or all access points.

seconds

Small heartbeat interval (from 1 to 10 seconds) that reduces the amount of time it takes to detect a device failure.

Note

 

The fast heartbeat time-out interval is disabled by default.

heartbeat-timeout

Specifies the Cisco lightweight access point heartbeat timeout.

Note

 

The Cisco lightweight access point heartbeat timeout controls how often the Cisco lightweight access point sends a heartbeat keep-alive signal to the Cisco device.

This value should be at least three times larger than the fast heartbeat timer.

seconds

Cisco lightweight access point heartbeat timeout value from 1 to 30 seconds.

Note

 

The default is 30 seconds.

primary-discovery-timeout

Specifies the access point primary discovery request timer. The timer determines the amount of time taken by an access point to discovery the configured primary, secondary, or tertiary device.

seconds

Access point primary discovery request timer from 30 to 3600 seconds.

Note

 

The default is 120 seconds.

primed-join-timeout

Specifies the authentication timeout. Determines the time taken by an access point to determine that the primary device has become unresponsive. The access point makes no further attempts to join the device until the connection to the device is restored.

seconds

Authentication response timeout from 120 to 43200 seconds.

Note

 

The default is 120 seconds.

Command Default

None

Command Modes

AP profile mode (config-ap-profile)

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to configure an access point discovery timeout with the timeout value of 7:

Device(config)# ap profile default-ap-profile

Device(config-ap-profile)# ap capwap timers discovery-timeout 7

This example shows how to enable the fast heartbeat interval for all access points:

Device(config)# ap profile default-ap-profile

Device(config-ap-profile)# ap capwap timers fast-heartbeat-timeout 6

This example shows how to configure an access point heartbeat timeout to 20:

Device(config)# ap profile default-ap-profile

Device(config-ap-profile)# ap capwap timers heartbeat-timeout 20

This example shows how to configure the access point primary discovery request timer to 1200 seconds:

Device(config)# ap profile default-ap-profile

Device(config-ap-profile)# ap capwap timers primary-discovery-timeout 1200

This example shows how to configure the authentication timeout to 360 seconds:

Device(config)# ap profile default-ap-profile

Device(config-ap-profile)# ap capwap timers primed-join-timeout 360

ap cisco-dna token

To configure Cisco DNA token, use the ap cisco-dna token command. To disable the configuration, use the no form of the command.

ap cisco-dna token { 0 | 8 } <cisco-token-number>

no ap cisco-dna token

Syntax Description

Cisco-dna

Configures Cisco DNA parameters.

token

Configures Cisco DNA token.

Command Default

None

Command Modes

Global Configuration mode

Command History

Release Modification
Cisco IOS XE Amsterdam 17.3.1

This command was introduced.

Usage Guidelines

None

Examples

The following example shows how to configure Cisco DNA token:

Device(config)# ap cisco-dna token 0 <cisco-token-number>

ap country

To configure one or more country codes for a device, use the ap country command.

ap country country-code

Syntax Description

country-code

Two-letter or three-letter country code or several country codes separated by a comma.

Command Default

US (country code of the United States of America).

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Cisco IOS XE Amsterdam 17.3.1

This command has been deprecated.

Note

 

From Cisco IOS XE Amsterdam 17.3.1 onwards, the command ap country is deprecated and renamed as wireless country <1 country code>, where you can enter country codes for more than 20 countries. Although the existing command ap country is still functional, it is recommended that you use the wireless country <1 country code> command.

Usage Guidelines

The Cisco device must be installed by a network administrator or qualified IT professional and the installer must select the proper country code. Following installation, access to the unit should be password protected by the installer to maintain compliance with regulatory requirements and to ensure proper unit functionality. See the related product guide for the most recent country codes and regulatory domains.

Examples

This example shows how to configure country codes on the device to IN (India) and FR (France):

Device(config)# ap country IN,FR

ap dot11 24ghz | 5ghz dot11ax spatial-reuse obss-pd

To configure the 802.11ax OBSS PD based spatial reuse on all 2.4-GHz or 5-GHz radios, use the ap dot11 { 24ghz | 5ghz} dot11ax spatial-reuse obss-pd command. To disable the OBSS based spatial reuse feature, use the no form of this command.

ap dot11 { 24ghz | 5ghz } dot11ax spatial-reuse obss-pd

no ap dot11 { 24ghz | 5ghz } dot11ax spatial-reuse obss-pd

Syntax Description

This command has no arguments or keywords.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco IOS XE Bengaluru 17.4.1

This command was introduced.

Examples

The following example shows how to configure the 802.11ax OBSS PD based spatial reuse:

Device(config)# ap dot11 24ghz or 5ghz dot11ax spatial-reuse obss-pd 

ap dot11 24ghz | 5ghz dot11ax spatial-reuse obss-pd non-srg-max

To configure 802.11ax non-Spatial Reuse Groups (SRG) OBSS PD max on all 2.4-GHz or 5-GHz radios, use the ap dot11 { 24ghz | 5ghz} dot11ax spatial-reuse obss-pd non-srg-max -82 - -62 command. To disable the 802.11ax non-Spatial Reuse Groups (SRG) OBSS PD max on all 2.4-GHz or 5-GHz radios, use the no form of this command.

ap dot11 { 24ghz | 5ghz } dot11ax spatial-reuse obss-pd non-srg-max -82 - -62

no ap dot11 { 24ghz | 5ghz } dot11ax spatial-reuse obss-pd non-srg-max -82 - -62

Syntax Description

-82 - -62

Specifies the non-SRG OBSS PD max value in dBm

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco IOS XE Bengaluru 17.4.1

This command was introduced.

Examples

The following example shows how to configure 802.11ax non-SRG OBSS PD max on all 2.4-GHz or 5-GHz radios.:

Device(config)# ap dot11 24ghz or 5ghz dot11ax spatial-reuse obss-pd non-srg-max -80

ap dot11 24ghz | 5ghz rrm ndp-mode

To configure the operating mode for 802.11a neighbor discovery, use the ap dot11 { 24ghz | 5ghz} rrm ndp-mode command.

ap dot11 { 24ghz | 5ghz } rrm ndp-mode { auto | off-channel }

Syntax Description

auto

Enables the auto mode.

off-channel

Enables NDP packets on RF ASIC radio.

Command Modes

Global configuration (config)

Command History

Release Modification
Cisco IOS XE Bengaluru 17.5.1

This command was introduced.

Examples

The following example shows how to configure the operating mode for 802.11a neighbor discovery:

Device# configure terminal
Device(config)# ap dot11 24ghz or 5ghz rrm ndp-mode auto

ap dot11 24ghz cleanair

To enable CleanAir for detecting 2.4-GHz devices, use the ap dot11 24ghz cleanair command in global configuration mode. To disable CleanAir for detecting 2.4-GHz devices, use the no form of this command.

ap dot11 24ghz cleanair

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled.

Command Modes

Global configuration (config).

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

You must enable this CleanAir command before you configure other CleanAir commands.

Examples

This example shows how to enable CleanAir for 2.4-GHz devices:


Device(config)# ap dot11 24ghz cleanair

default ap dot11 24ghz cleanair device

To configure the default state of report generation for 2.4-GHz interference devices, use the default ap dot11 24ghz cleanair device command in global configuration mode.

default ap dot11 24ghz cleanair device {ble-beacon | bt-discovery | bt-link | canopy | cont-tx | dect-like | fh | inv | jammer | mw-oven | nonstd | report | superag | tdd-tx | video | wimax-fixed | wimax-mobile | xbox | zigbee}

Syntax Description

ble-beacon

Configure the BLE beacon feature.

bt-discovery

Configures the alarm for Bluetooth interference devices.

bt-link

Configures the alarm for any Bluetooth link.

canopy

Configures the alarm for canopy interference devices.

cont-tx

Configures the alarm for continuous transmitters.

dect-like

Configures the alarm for Digital Enhanced Cordless Communication (DECT)-like phones.

fh

Configures the alarm for 802.11 frequency hopping devices.

inv

Configures the alarm for devices using spectrally inverted Wi-Fi signals.

jammer

Configures the alarm for jammer interference devices.

mw-oven

Configures the alarm for microwave ovens.

nonstd

Configures the alarm for devices using nonstandard Wi-Fi channels.

superag

Configures the alarm for 802.11 SuperAG interference devices.

tdd-tx

Configures the alarm for Time Division Duplex (TDD) transmitters.

video

Configures the alarm for video cameras.

wimax-fixed

Configures the alarm for WiMax fixed interference devices.

wimax-mobile

Configures the alarm for WiMax mobile interference devices.

xbox

Configures the alarm for Xbox interference devices.

zigbee

Configures the alarm for 802.15.4 interference devices.

Command Default

The alarm for Wi-Fi inverted devices is enabled. The alarm for all other devices is disabled.

Command Modes

Global configuration (config).

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

This command was modified. The ble-beacon keyword was added.

Usage Guidelines

You must enable CleanAir using the ap dot11 24ghz cleanair command before you configure this command.

Examples

This example shows how to enable CleanAir to report when a video camera interferes:


Device(config)# default ap dot11 24ghz cleanair device video

ap dot11 24ghz dot11g

To enable the Cisco wireless LAN solution 802.11g network, use the ap dot11 24ghz dot11g command. To disable the Cisco wireless LAN solution 802.11g network, use the no form of this command.

ap dot11 24ghz dot11g

no ap dot11 24ghz dot11g

Syntax Description

This command has no keywords and arguments.

Command Default

Enabled

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

Before you enter the ap dot11 24ghz dot11g command, disable the 802.11 Cisco radio with the ap dot11 24ghz shutdown command.

After you configure the support for the 802.11g network, use the no ap dot11 24ghz shutdown command to enable the 802.11 2.4 Ghz radio.

Examples

This example shows how to enable the 802.11g network:

Device(config)# ap dot11 24ghz dot11g

ap dot11 24ghz rate

To configure 802.11b operational rates, use the ap dot11 24ghz rate command.

ap dot11 24ghz rate {RATE_11M | RATE_12M | RATE_18M | RATE_1M | RATE_24M | RATE_2M | RATE_36M | RATE_48M | RATE_54M | RATE_5_5M | RATE_6M | RATE_9M} {disable | mandatory | supported}

Syntax Description

RATE_11M

Configures the data to be transmitted at the rate of 11 Mbps

RATE_12M

Configures the data to be transmitted at the rate of 12 Mbps

RATE_18M

Configures the data to be transmitted at the rate of 18 Mbps

RATE_1M

Configures the data to be transmitted at the rate of 1 Mbps

RATE_24M

Configures the data to be transmitted at the rate of 24 Mbps

RATE_2M

Configures the data to be transmitted at the rate of 2 Mbps

RATE_36M

Configures the data to be transmitted at the rate of 36 Mbps

RATE_48M

Configures the data to be transmitted at the rate of 48 Mbps

RATE_54M

Configures the data to be transmitted at the rate of 54 Mbps

RATE_5_5M

Configures the data to be transmitted at the rate of 5.5 Mbps

RATE_6M

Configures the data to be transmitted at the rate of 6 Mbps

RATE_9M

Configures the data to be transmitted at the rate of 9 Mbps

disable

Disables the data rate that you specify. Also defines that the clients specify the data rates used for communication.

mandatory

Defines that the clients support this data rate in order to associate with an AP.

supported

Any associated clients support this data rate can communicate with the AP using this rate. However, the clients are not required to use this rate to associate with the AP.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure 802.11b operational rate to 9 Mbps and make it mandatory:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 24ghz rate RATE_9M mandatory

ap dot11 24ghz rrm channel cleanair-event

To enable Event-Driven RRM (EDRRM) and the sensitivity for 2.4-GHz devices, use the ap dot11 24ghz rrm channel cleanair-event command in global configuration mode. To disable EDRRM, use the no form of this command.

ap dot11 24ghz rrm channel cleanair-event sensitivity {high | low | medium}

no ap dot11 24ghz rrm channel cleanair-event [ sensitivity{ high | low | medium}]

Syntax Description

sensitivity

(Optional) Configures the EDRRM sensitivity of the CleanAir event.

high

(Optional) Specifies the highest sensitivity to non-Wi–Fi interference as indicated by the air quality (AQ) value.

low

(Optional) Specifies the least sensitivity to non-Wi–Fi interference as indicated by the AQ value.

medium

(Optional) Specifies medium sensitivity to non-Wi–Fi interference as indicated by the AQ value.

Command Default

EDRRM is disabled and the sensitivity is low.

Command Modes

Global configuration (config).

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

You must enable EDRRM using the ap dot11 24ghz rrm channel cleanair-event command before you configure the sensitivity.

Examples

This example shows how to enable EDRRM and set the EDRRM sensitivity to low:

Device(config)# ap dot11 24ghz rrm channel cleanair-event 
Device(config)# ap dot11 24ghz rrm channel cleanair-event sensitivity low

ap dot11 24ghz rrm channel device

To configure persistent non-Wi-Fi device avoidance in the 802.11b channel, use the ap dot11 24ghz rrm channel device command in global configuration mode. To disable persistent device avoidance, use the no form of this command.

ap dot11 24ghz rrm channel device

no ap dot11 24ghz rrm channel device

Syntax Description

This command has no arguments or keywords.

Command Default

Persistent device avoidance is disabled.

Command Modes

Global configuration (config).

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

CleanAir-capable monitor mode access points collect information about persistent devices on all configured channels and stores the information in the device. Local and bridge mode access points detect interference devices on the serving channels only.

Examples

This example shows how to enable persistent device avoidance:

Device(config)# ap dot11 24ghz rrm channel device

ap dot11 24ghz rrm optimized-roam

To configure optimized roaming for 802.11b network, use the ap dot11 24ghz rrm optimized-roam command.

ap dot11 24ghz rrm optimized-roam [ data-rate-threshold {11M | 12M | 18M | 1M | 24M | 2M | 36M | 48M | 54M | 5_5M | 6M | 9M | disable}]

Syntax Description

data-rate-threshold

Configures the data rate threshold for 802.11b optimized roaming.

11M

Sets the data rate threshold for 802.11b optimized roaming to 11 Mbps

12M

Sets the data rate threshold for 802.11b optimized roaming to of 12 Mbps

18M

Sets the data rate threshold for 802.11b optimized roaming to of 18 Mbps

1M

Sets the data rate threshold for 802.11b optimized roaming to of 1 Mbps

24M

Sets the data rate threshold for 802.11b optimized roaming to of 24 Mbps

2M

Sets the data rate threshold for 802.11b optimized roaming to of 2 Mbps

36M

Sets the data rate threshold for 802.11b optimized roaming to of 36 Mbps

48M

Sets the data rate threshold for 802.11b optimized roaming to of 48 Mbps

54M

Sets the data rate threshold for 802.11b optimized roaming to of 54 Mbps

5_5M

Sets the data rate threshold for 802.11b optimized roaming to of 5.5 Mbps

6M

Sets the data rate threshold for 802.11b optimized roaming to of 6 Mbps

9M

Sets the data rate threshold for 802.11b optimized roaming to of 9 Mbps

disable

Disables the data rate threshold.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure optimized roaming for 802.11b network:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 24ghz rrm optimized-roam

ap dot11 24ghz rx-sop threshold

To configure 802.11b radio receiver start-of-packet (RxSOP), use the ap dot11 24ghz rx-sop threshold command.

ap dot11 24ghz rx-sop threshold {auto | high | low | medium | custom rxsop-value}

Syntax Description

auto

Reverts RxSOP value to the default value.

high

Sets the RxSOP value to high threshold (–79 dBm).

medium

Sets the RxSOP value to medium threshold (–82 dBm).

low

Sets the RxSOP value to low threshold (–85 dBm).

custom rxsop-value

Sets the RxSOP value to custom threshold (–85 dBm to –60 dBm)

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Usage Guidelines

RxSOP determines the Wi-Fi signal level in dBm at which an access point's radio demodulates and decodes a packet. Higher the level, less sensitive the radio is and smaller the receiver cell size. The table below shows the RxSOP threshold values for high, medium, low, and custom levels for 2.4-GHz band.

Table 2. RxSOP Thresholds for 2.4-GHz Band
High Threshold Medium Threshold Low Threshold Custom Threshold

–79 dBm

–82 dBm

–85 dBm

–85 dBm to –60 dBm

Examples

The following example shows how to configure 802.11b radio receiver start-of-packet (RxSOP) value to auto:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 24ghz rx-sop threshold auto

ap dot11 24ghz shutdown

To disable 802.11a network, use the ap dot11 24ghz shutdown command.

ap dot11 24ghz shutdown

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to disable the 802.11a network:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 24ghz shutdown

ap dot11 5ghz channelswitch quiet

To configure the 802.11h channel switch quiet mode, use the ap dot11 5ghz channelswitch quiet command.

ap dot11 5ghz channelswitch quiet

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure the 802.11h channel switch quiet mode:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 5ghz channelswitch quiet

ap dot11 5ghz cleanair

To enable CleanAir for detecting 5-GHz devices, use the ap dot11 5ghz cleanair command in global configuration mode.

ap dot11 5ghz cleanair

Command Default

Disabled.

Command Modes

Global configuration.

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

You must enable this CleanAir command before you configure other CleanAir commands.

Examples

This example shows how to enable CleanAir for 5-GHz devices:


Device(config)# ap dot11 5ghz cleanair

default ap dot11 5ghz cleanair device

To configure the default state of the alarm for 5-GHz interference devices, use the default ap dot11 5ghz cleanair device command in global configuration mode.

default ap dot11 5ghz cleanair device {canopy | cont-tx | dect-like | inv | jammer | nonstd | radar | report | superag | tdd-tx | video | wimax-fixed | wimax-mobile}

Syntax Description

canopy

Configures the alarm for canopy interference devices.

cont-tx

Configures the alarm for continuous transmitters.

dect-like

Configures the alarm for Digital Enhanced Cordless Communication (DECT)-like phones.

inv

Configures the alarm for devices using spectrally inverted Wi-Fi signals.

jammer

Configures the alarm for jammer interference devices.

nonstd

Configures the alarm for devices using nonstandard Wi-Fi channels.

radar

Configures the alarm for radars.

report

Enables interference device reports.

superag

Configures the alarm for 802.11 SuperAG interference devices.

tdd-tx

Configures the alarm for Time Division Duplex (TDD) transmitters.

video

Configures the alarm for video cameras.

wimax-fixed

Configures the alarm for WiMax fixed interference devices.

wimax-mobile

Configures the alarm for WiMax mobile interference devices.

Command Default

The alarm for Wi-Fi inverted devices is enabled. The alarm for all other interference devices is disabled.

Command Modes

Global configuration (config).

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

You must enable CleanAir using the ap dot11 5ghz cleanair command before you configure this command.

Examples

This example shows how to enable CleanAir to report when a video camera interferes:


Device(config)# default ap dot11 5ghz cleanair device video

ap dot11 5ghz power-constraint

To configure the 802.11h power constraint value, use the ap dot11 5ghz power-constraint command. To remove the 802.11h power constraint value, use the no form of this command.

ap dot11 5ghz power-constraint value

no ap dot11 5ghz power-constraint

Syntax Description

value

802.11h power constraint value.

Note

 

The range is from 0 to 30 dBm.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to configure the 802.11h power constraint to 5 dBm:


Device(config)# ap dot11 5ghz power-constraint 5

ap dot11 5ghz rate

To configure 802.11a operational rates, use the ap dot11 5ghz rate command.

ap dot11 5ghz rate {RATE_12M | RATE_18M | RATE_24M | RATE_36M | RATE_48M | RATE_54M | RATE_6M | RATE_9M} {disable | mandatory | supported}

Syntax Description

RATE_12M

Configures the data to be transmitted at the rate of 12 Mbps

RATE_18M

Configures the data to be transmitted at the rate of 18 Mbps

RATE_24M

Configures the data to be transmitted at the rate of 24 Mbps

RATE_36M

Configures the data to be transmitted at the rate of 36 Mbps

RATE_48M

Configures the data to be transmitted at the rate of 48 Mbps

RATE_54M

Configures the data to be transmitted at the rate of 54 Mbps

RATE_6M

Configures the data to be transmitted at the rate of 6 Mbps

RATE_9M

Configures the data to be transmitted at the rate of 9 Mbps

disable

Disables the data rate that you specify. Also defines that the clients specify the data rates used for communication.

mandatory

Defines that the clients support this data rate in order to associate with an AP.

supported

Any associated clients support this data rate can communicate with the AP using this rate. However, the clients are not required to use this rate to associate with the AP.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure 802.11a operational rate to 24 Mbps and make it supported:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 5ghz rate RATE_24M supported

ap dot11 5ghz rrm channel cleanair-event

To enable Event-Driven RRM (EDRRM) and configure the sensitivity for 5-GHz devices, use the ap dot11 5ghz rrm channel cleanair-event command in global configuration mode. To disable EDRRM, use the no form of the command.

ap dot11 5ghz rrm channel cleanair-event [ sensitivity {high | low | medium}]

no ap dot11 5ghz rrm channel cleanair-event [ sensitivity {high | low | medium}]

Syntax Description

sensitivity

(Optional) Configures the EDRRM sensitivity of the CleanAir event.

high

(Optional) Specifies the highest sensitivity to non-Wi–Fi interference as indicated by the air quality (AQ) value.

low

(Optional) Specifies the least sensitivity to non-Wi–Fi interference as indicated by the AQ value.

medium

(Optional) Specifies medium sensitivity to non-Wi–Fi interference as indicated by the AQ value.

Command Default

EDRRM is disabled and the EDRRM sensitivity is low.

Command Modes

Global configuration (config).

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

You must enable EDRRM using the ap dot11 5ghz rrm channel cleanair-event command before you configure the sensitivity.

Examples

This example shows how to enable EDRRM and set the EDRRM sensitivity to high:

Device(config)# ap dot11 5ghz rrm channel cleanair-event 
Device(config)# ap dot11 5ghz rrm channel cleanair-event sensitivity high

ap dot11 5ghz rrm channel device

To configure persistent non-Wi-Fi device avoidance in the 802.11a channel, use the ap dot11 5ghz rrm channel device command in global configuration mode. To disable persistent device avoidance, use the no form of this command.

ap dot11 5ghz rrm channel device

no ap dot11 5ghz rrm channel device

Syntax Description

This command has no arguments or keywords.

Command Default

The CleanAir persistent device state is disabled.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

CleanAir-capable monitor mode access points collect information about persistent devices on all configured channels and stores the information in the device. Local and bridge mode access points detect interference devices on the serving channels only.

Examples

This example shows how to enable persistent device avoidance on 802.11a devices:

Device(config)# ap dot11 5ghz rrm channel device

ap dot11 5ghz rx-sop threshold

To configure 802.11a radio receiver start-of-packet (RxSOP), use the ap dot11 5ghz rx-sop threshold command.

ap dot11 5ghz rx-sop threshold {auto | high | low | medium | custom rxsop-value}

Syntax Description

auto

Reverts RxSOP value to the default value.

high

Sets the RxSOP value to high threshold (–76 dBm).

medium

Sets the RxSOP value to medium threshold (–78 dBm).

low

Sets the RxSOP value to low threshold (–80 dBm).

custom rxsop-value

Sets the RxSOP value to custom threshold (–85 dBm to –60 dBm)

Command Default

None

Command Modes

config

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Usage Guidelines

RxSOP determines the Wi-Fi signal level in dBm at which an access point's radio demodulates and decodes a packet. Higher the level, less sensitive the radio is and smaller the receiver cell size. The table below shows the RxSOP threshold values for high, medium, low, and custom levels for 5-GHz band.

Table 3. RxSOP Thresholds for 5-GHz Band
High Threshold Medium Threshold Low Threshold Custom Threshold

–76 dBm

–78 dBm

–80 dBm

–85 dBm to –60 dBm

Examples

The following example shows how to configure 802.11b radio receiver start-of-packet (RxSOP) value to a custom value of –70 dBm:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 24ghz rx-sop threshold custom -70

ap dot11 5ghz shutdown

To disable 802.11a network, use the ap dot11 5ghz shutdown command.

ap dot11 5ghz shutdown

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to disable the 802.11a network:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 5ghz shutdown

ap dot11 5ghz smart-dfs

To configure to use nonoccupancy time for radar interference channel, use the ap dot11 5ghz smart-dfs command.

ap dot11 5ghz smart-dfs

Command Default

None

Command Modes

config

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to configure to use nonoccupancy time for radar interference channel:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 5ghz smart-dfs

ap dot11

To configure Spectrum Intelligence (SI) on Qualcomm based 2.4 GHz or 5 GHz radios, use the ap dot11 SI command.

ap dot11 {24ghz | 5ghz } SI

Syntax Description

24ghz

2.4 GHz radio

5ghz

5 GHz radio

SI

Enable Spectrum Intelligence (SI). [no] in the command disasbles SI.

Command Default

None

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced in a release earlier than Cisco IOS XE Gibraltar 16.10.1.

Examples

The following example shows how to enable SI on 5GHz radio:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap dot11 5ghz SI

ap dot11 beaconperiod

To change the beacon period globally for 2.4 GHz or 5 GHz bands, use the ap dot11 beaconperiod command.


Note


Disable the 802.11 network before using this command. See the “Usage Guidelines” section.


ap dot11 {24ghz | 5ghz} beaconperiod time

Syntax Description

24ghz

Specifies the settings for 2.4 GHz band.

5ghz

Specifies the settings for 5 GHz band.

beaconperiod

Specifies the beacon for a network globally.

time

Beacon interval in time units (TU). One TU is 1024 microseconds. The range is from 20 to 1000.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

In Cisco wireless LAN 802.11 networks, all Cisco lightweight access point wireless LANs broadcast a beacon at regular intervals. This beacon notifies clients that the wireless service is available and allows the clients to synchronize with the lightweight access point.

Before you change the beacon period, make sure that you have disabled the 802.11 network by using the ap dot11 {24ghz | 5ghz} shutdown command. After changing the beacon period, enable the 802.11 network by using the no ap dot11 {24ghz | 5ghz} shutdown command.

Examples

This example shows how to configure the 5 GHZ band for a beacon period of 120 time units:

Device(config)# ap dot11 5ghz beaconperiod 120

ap dot11 cac media-stream

To configure media stream Call Admission Control (CAC) voice and video quality parameters for 2.4 GHz and 5 GHz bands, use the ap dot11 cac media-stream command.

ap dot11 {24ghz | 5ghz} cac media-stream multicast-direct {max-retry-percent retryPercent | min-client-rate {eighteen | eleven | fiftyFour | fivePointFive | fortyEight | nine | oneFifty | oneFortyFourPointFour | oneThirty | oneThirtyFive | seventyTwoPointTwo | six | sixtyFive | thirtySix | threeHundred | twelve | twentyFour | two | twoSeventy}}

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

multicast-direct

Specifies CAC parameters for multicast-direct media streams.

max-retry-percent

Specifies the percentage of maximum retries that are allowed for multicast-direct media streams.

retryPercent

Percentage of maximum retries that are allowed for multicast-direct media streams.

Note

 

The range is from 0 to 100.

min-client-rate

Specifies the minimum transmission data rate to the client for multicast-direct media streams (rate at which the client must transmit in order to receive multicast-direct unicast streams).

If the transmission rate is below this rate, either the video will not start or the client may be classified as a bad client. The bad client video can be demoted for better effort QoS or subject to denial.

min-client-rate

You can choose the following rates:

  • eighteen

  • eleven

  • fiftyFour

  • fivePointFive

  • fortyEight

  • nine

  • one

  • oneFifty

  • oneFortyFourPointFour

  • oneThirty

  • oneThirtyFive

  • seventyTwoPointTwo

  • six

  • sixtyFive

  • thirtySix

  • threeHundred

  • twelve

  • twentyFour

  • two

  • twoSeventy

Command Default

The default value for the maximum retry percent is 80. If it exceeds 80, either the video will not start or the client might be classified as a bad client. The bad client video will be demoted for better effort QoS or is subject to denial.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol.

Before you can configure CAC parameters on a network, you must complete the following prerequisites:

  • Disable all WLANs with WMM enabled by entering the wlan wlan_name shutdown command.

  • Disable the radio network you want to configure by entering the ap dot11 {24ghz | 5ghz} shutdown command.

  • Save the new configuration.

  • Enable voice or video CAC for the network you want to configure by entering the ap dot11 {24ghz | 5ghz} cac voice acm or ap dot11 {24ghz | 5ghz} cac video acm commands.

Examples

This example shows how to configure the maximum retry percent for multicast-direct media streams as 90 on a 802.11a network:

Device(config)# ap dot11 5ghz cac media-stream multicast max-retry-percent 90

ap dot11 cac multimedia

To configure multimedia Call Admission Control (CAC) voice and video quality parameters for 2.4 GHz and 5 GHz bands, use the ap dot11 cac multimedia command.

ap dot11 {24ghz | 5ghz} cac multimedia max-bandwidth bandwidth

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

max-bandwidth

Specifies the percentage of maximum bandwidth allocated to Wi-Fi Multimedia (WMM) clients for voice and video applications on the 2.4 GHz or 5 GHz band.

bandwidth

Percentage of the maximum bandwidth allocated to WMM clients for voice and video applications on the 802.11a or 802.11b/g network. Once the client reaches the specified value, the access point rejects new multimedia flows this radio band. The range is from 5 to 85%.

Command Default

The default value is 75%.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol.

Before you can configure CAC parameters on a network, you must complete the following prerequisites:

  • Disable all WLANs with WMM enabled by entering the wlan wlan_name shutdown command.

  • Disable the radio network you want to configure by entering the ap dot11 {24ghz | 5ghz} shutdown command.

  • Save the new configuration.

  • Enable voice or video CAC for the network you want to configure by entering the ap dot11 {24ghz | 5ghz} cac voice acm or ap dot11 {24ghz | 5ghz} cac video acm commands.

Examples

This example shows how to configure the percentage of the maximum bandwidth allocated to WMM clients for voice and video applications on the 5 GHz band:

Device(config)# ap dot11 5ghz cac multimedia max-bandwidth 5

ap dot11 cac voice

To configure Call Admission Control (CAC) parameters for the voice category, use the ap dot11 cac voice command.

ap dot11 {24ghz | 5ghz} cac voice {acm | load-based | max-bandwidth value | roam-bandwidth value | sip [bandwidth bw] sample-interval value | stream-size x max-streams y | tspec-inactivity-timeout {enable | ignore}}

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

acm

Enables bandwidth-based voice CAC for the 2.4 GHz or 5 GHz band.

Note

 

To disable bandwidth-based voice CAC for the 2.4 GHz or 5 GHz band, use the no ap dot11 {24ghz | 5ghz} cac voice acm command.

load-based

Enable load-based CAC on voice access category.

Note

 

To disable load-based CAC on voice access category for the 2.4 GHz or 5 GHz band, use the no ap dot11 {24ghz | 5ghz} cac voice load-based command.

max-bandwidth

Sets the percentage of the maximum bandwidth allocated to clients for voice applications on the 2.4 GHz or 5 GHz band.

value

Bandwidth percentage value from 5 to 85%.

roam-bandwidth

Sets the percentage of the CAC maximum allocated bandwidth reserved for roaming voice clients on the 2.4 GHz or 5 GHz band.

value

Bandwidth percentage value from 0 to 85%.

sip

Specifies the CAC codec name and sample interval as parameters and calculates the required bandwidth per call for the 802.11 networks.

bandwidth

(Optional) Specifies bandwidth for a SIP-based call.

bw
Bandwidth in kbps. The following bandwidth values specify parameters for the SIP codecs:
  • 64kbps—Specifies CAC parameters for the SIP G711 codec.

  • 8kbps—Specifies CAC parameters for the SIP G729 codec.

Note

 

The default value is 64 Kbps.

sample-interval

Specifies the packetization interval for SIP codec.

value

Packetization interval in msecs. The sample interval for SIP codec value is 20 seconds.

stream-size

Specifies the number of aggregated voice Wi-Fi Multimedia (WMM) traffic specification (TSPEC) streams at a specified data rate for the 2.4 GHz or 5 GHz band.

x

Stream size. The range of the stream size is from 84000 to 92100.

max-streams

Specifies the maximum number of streams per TSPEC.

y

Number (1 to 5) of voice streams.

Note

 

The default number of streams is 2 and the mean data rate of a stream is 84 kbps.

tspec-inactivity-timeout
Specifies TSPEC inactivity timeout processing mode.

Note

 

Use this keyword to process or ignore the Wi-Fi Multimedia (WMM) traffic specifications (TSPEC) inactivity timeout received from an access point. When the inactivity timeout is ignored, a client TSPEC is not deleted even if the access point reports an inactivity timeout for that client.

enable

Processes the TSPEC inactivity timeout messages.

ignore

Ignores the TSPEC inactivity timeout messages.

Note

 

The default is ignore (disabled).

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

CAC commands require that the WLAN you are planning to modify is configured for the Wi-Fi Multimedia (WMM) protocol and the quality of service (QoS) level be set to Platinum.

Before you can configure CAC parameters on a network, you must complete the following prerequisites:

  • Disable all WLANs with WMM enabled by entering the wlan wlan_name shutdown command.

  • Disable the radio network you want to configure by entering the ap dot11 {24ghz | 5ghz} shutdown command.

  • Save the new configuration.

  • Enable voice or video CAC for the network you want to configure by entering the ap dot11 {24ghz | 5ghz} cac voice acm or ap dot11 {24ghz | 5ghz} cac video acm commands.

Examples

This example shows how to enable the bandwidth-based CAC:

Device(config)# ap dot11 24ghz cac voice acm

This example shows how to enable the load-based CAC on the voice access category:

Device(config)# ap dot11 24ghz cac voice load-based

This example shows how to specify the percentage of the maximum allocated bandwidth for voice applications on the selected radio band:

Device(config)# ap dot11 24ghz cac voice max-bandwidth 50

This example shows how to configure the percentage of the maximum allocated bandwidth reserved for roaming voice clients on the selected radio band:

Device(config)# ap dot11 24ghz cac voice roam-bandwidth 10

This example shows how to configure the bandwidth and voice packetization interval for the G729 SIP codec on a 2.4 GHz band:

Device(config)# ap dot11 24ghz cac voice sip bandwidth 8 sample-interval 40

This example shows how to configure the number of aggregated voice traffic specifications stream with a stream size of 85000 and with a maximum of 5 streams:

Device(config)# ap dot11 24ghz cac voice stream-size 85000 max-streams 5

This example shows how to enable the voice TSPEC inactivity timeout messages received from an access point:

Device(config)# ap dot11 24ghz cac voice tspec-inactivity-timeout enable

ap dot11 cleanair

To configure CleanAir on 802.11 networks, use the ap dot11 cleanair command. To disable CleanAir on 802.11 networks, use the no form of this command.

ap dot11 {24ghz | 5ghz} cleanair

no ap dot11 {24ghz | 5ghz} cleanair

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

cleanair

Specifies CleanAir on the 2.4 GHz or 5 GHz band.

Command Default

Disabled

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to enable the CleanAir settings on the 2.4 GHz band:


Device(config)# ap dot11 24ghz cleanair

ap dot11 cleanair device

To configure CleanAir interference device types, use the ap dot11 cleanair device command.

ap dot11 24ghz cleanair device [all | bt-discovery | bt-link | canopy | cont-tx | dect-like | fh | inv | jammer | mw-oven | nonstd | superag | tdd-tx | video | wimax-fixed | wimax-mobile | xbox | zigbee]

Syntax Description

all

Specifies all device types.

device

Specifies the CleanAir interference device type.

bt-discovery

Specifies the Bluetooth device in discovery mode.

bt-link

Specifies the Bluetooth active link.

canopy

Specifies the Canopy devices.

cont-tx

Specifies the continuous transmitter.

dect-like

Specifies a Digital Enhanced Cordless Communication (DECT)-like phone.

fh

Specifies the 802.11 frequency hopping devices.

inv

Specifies the devices using spectrally inverted Wi-Fi signals.

jammer

Specifies the jammer.

mw-oven

Specifies the microwave oven devices.

nonstd

Specifies the devices using nonstandard Wi-Fi channels.

superag

Specifies 802.11 SuperAG devices.

tdd-tx

Specifies the TDD transmitter.

video

Specifies video cameras.

wimax-fixed

Specifies a WiMax fixed device.

wimax-mobile

Specifies a WiMax mobile device.

xbox

Configures the alarm for Xbox interference devices.

zigbee

Configures the alarm for 802.15.4 interference devices.

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

This example shows how to configure the device to monitor ZigBee interferences:

Device(config)# ap dot11 24ghz cleanair device report

ap dot11 dot11n

To configure settings for an 802.11n network, use the ap dot11 dot11n command.

ap dot11 {24ghz | 5ghz} dot11n {a-mpdu tx priority { priority_value all } | scheduler timeout rt scheduler_value} | a-msdu tx priority {priority_value | all} | guard-interval {any | long} | mcs tx rate | rifs rx}

Syntax Description

24ghz

Specifies the 2.4-GHz band.

5ghz

Specifies the 5-GHz band.

dot11n

Enables 802.11n support.

a-mpdu tx priority

Specifies the traffic that is associated with the priority level that uses Aggregated MAC Protocol Data Unit (A-MPDU) transmission.

priority_value

Aggregated MAC protocol data unit priority level from 0 to 7.

all

Specifies all of the priority levels at once.

a-msdu tx priority

Specifies the traffic that is associated with the priority level that uses Aggregated MAC Service Data Unit (A-MSDU) transmission.

priority_value

Aggregated MAC protocol data unit priority level from 0 to 7.

all

Specifies all of the priority levels at once.

scheduler timeout rt

Configures the 802.11n A-MPDU transmit aggregation scheduler timeout value in milliseconds.

scheduler_value

The 802.11n A-MPDU transmit aggregation scheduler timeout value from 1 to 10000 milliseconds.

guard-interval

Specifies the guard interval.

any

Enables either a short or a long guard interval.

long

Enables only a long guard interval.

mcs tx rate

Specifies the modulation and coding scheme (MCS) rates at which data can be transmitted between the access point and the client.

rate

Specifies the modulation and coding scheme data rates.

Note

 

The range is from 0 to 23.

rifs rx

Specifies the Reduced Interframe Space (RIFS) between data frames.

Command Default

By default, priority 0 is enabled.

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

Aggregation is the process of grouping packet data frames together rather than transmitting them separately. The two aggregation methods available are:
  • A-MPDU—This aggregation is performed in the software.
  • A-MSDU—This aggregation is performed in the hardware

Aggregated MAC Protocol Data Unit priority levels assigned per traffic type are as follows:

  • 0—Best effort

  • 1—Background

  • 2—Spare

  • 3—Excellent effort

  • 4—Controlled load

  • 5—Video, less than 100-ms latency and jitter

  • 6—Voice, less than 10-ms latency and jitter

  • 7—Network control

  • all—Configure all of the priority levels at once.


Note


Configure the priority levels to match the aggregation method used by the clients.


Examples

This example shows how to enable 802.11n support on a 2.4-GHz band:


Device(config)# ap dot11 24ghz dot11n

This example shows how to configure all the priority levels at once so that the traffic that is associated with the priority level uses A-MSDU transmission:


Device(config)# ap dot11 24ghz dot11n a-msdu tx priority all

This example shows how to enable only long guard intervals:


Device(config)# ap dot11 24ghz dot11n guard-interval long

This example shows how to specify MCS rates:


Device(config)# ap dot11 24ghz dot11n mcs tx 5

This example shows how to enable RIFS:


Device(config)# ap dot11 24ghz dot11n rifs rx

ap dot11 dtpc

To configure Dynamic Transmit Power Control (DTPC) settings, Cisco Client eXtension (CCX) version 5 expedited bandwidth request feature, and the fragmentation threshold on an 802.11 network, use the ap dot11 dtpc command.

ap dot11 {24ghz | 5ghz} {dtpc | exp-bwreq | fragmentation threshold}

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

dtpc

Specifies Dynamic Transport Power Control (DTPC) settings.

Note

 

This option is enabled by default.

exp-bwreq

Specifies Cisco Client eXtension (CCX) version 5 expedited bandwidth request feature.

Note

 

The expedited bandwidth request feature is disabled by default.

fragmentation threshold

Specifies the fragmentation threshold.

Note

 

This option can only used be when the network is disabled using the ap dot11 {24ghz | 5ghz} shutdown command.

threshold

Threshold. The range is from 256 to 2346 bytes (inclusive).

Command Default

None

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Usage Guidelines

When the CCX version 5 expedited bandwidth request feature is enabled, the device configures all joining access points for this feature.

Examples

This example shows how to enable DTPC for the 5 GHz band:

Device(config)# ap dot11 5ghz dtpc

This example shows how to enable the CCX expedited bandwidth settings:

Device(config)# ap dot11 5ghz exp-bwrep

This example shows how to configure the fragmentation threshold on the 5 GHz band with the threshold number of 1500 bytes:

Device(config)# ap dot11 5ghz fragmentation 1500

ap dot11 edca-parameters

To enable a specific enhanced distributed channel access (EDCA) profile on the 2.4 GHz or 5 GHz bands, use the ap dot11 edca-parameters command. To disable an EDCA profile on the 2.4 GHz or 5 GHz bands, use the no form of this command.

ap dot11 { 24ghz | 5ghz } edca-parameters { client-load-based | custom-voice | optimized-video-voice | optimized-voice | svp-voice | wmm-default }

no ap dot11 { 24ghz | 5ghz } edca-parameters { client-load-based | custom-voice | fastlane | optimized-video-voice | optimized-voice | svp-voice | wmm-default }

Syntax Description

24ghz

Specifies the 2.4 GHz band.

5ghz

Specifies the 5 GHz band.

edca-parameters

Specifies a specific enhanced distributed channel access (EDCA) profile on the 802.11 networks.

fastlane

Enables Fastlane parameters for 24GHz.

client-load-based

Enables client load-based EDCA configuration for 802.11 radios.

custom-voice

Enables custom voice EDCA parameters.

optimized-video-voice

Enables EDCA voice- and video-optimized profile parameters. Choose this option when both voice and video services are deployed on your network.

optimized-voice

Enables EDCA voice-optimized profile parameters. Choose this option when voice services other than SpectraLink are deployed on your network.

svp-voice

Enables SpectraLink voice priority parameters. Choose this option if SpectraLink phones are deployed on your network to improve the quality of calls.

wmm-default

Enables the Wi-Fi Multimedia (WMM) default parameters. Choose this option when voice or video services are not deployed on your network.

Command Default

wmm-default

Command Modes

Global configuration

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

10.3

The custom-voice keyword was removed for Cisco 5700 Series WLC.

Cisco IOS XE Bengaluru 17.5.1

The client-load-based keyword was added.

Examples

This example shows how to enable SpectraLink voice priority parameters:


Device(config)# ap dot11 24ghz edca-parameters svp-voice

ap dot11 load-balancing denial

To configure the load balancing denial count, use the ap dot11 load-balancingdenial command. To disable load balancing denial count, use the no form of the command.