show Commands
This section lists the show commands to display information about your security configuration settings for the controller.
show 802.11
To display basic 802.11a, 802.11b/g, or 802.11h network settings, use the show 802.11 command.
show 802.11{ a | b | h}
Syntax Description
a |
Specifies the 802.11a network. |
b |
Specifies the 802.11b/g network. |
h |
Specifies the 802.11h network. |
Command Default
None.
Examples
This example shows to display basic 802.11a network settings:
> show 802.11a
802.11a Network.................................. Enabled
11nSupport....................................... Enabled
802.11a Low Band........................... Enabled
802.11a Mid Band........................... Enabled
802.11a High Band.......................... Enabled
802.11a Operational Rates
802.11a 6M Rate.............................. Mandatory
802.11a 9M Rate.............................. Supported
802.11a 12M Rate............................. Mandatory
802.11a 18M Rate............................. Supported
802.11a 24M Rate............................. Mandatory
802.11a 36M Rate............................. Supported
802.11a 48M Rate............................. Supported
802.11a 54M Rate............................. Supported
802.11n MCS Settings:
MCS 0........................................ Supported
MCS 1........................................ Supported
MCS 2........................................ Supported
MCS 3........................................ Supported
MCS 4........................................ Supported
MCS 5........................................ Supported
MCS 6........................................ Supported
MCS 7........................................ Supported
MCS 8........................................ Supported
MCS 9........................................ Supported
MCS 10....................................... Supported
MCS 11....................................... Supported
MCS 12....................................... Supported
MCS 13....................................... Supported
MCS 14....................................... Supported
MCS 15....................................... Supported
802.11n Status:
A-MPDU Tx:
Priority 0............................... Enabled
Priority 1............................... Disabled
Priority 2............................... Disabled
Priority 3............................... Disabled
Priority 4............................... Disabled
Priority 5............................... Disabled
Priority 6............................... Disabled
Priority 7............................... Disabled
Beacon Interval.................................. 100
CF Pollable mandatory............................ Disabled
CF Poll Request mandatory........................ Disabled
--More-- or (q)uit
CFP Period....................................... 4
CFP Maximum Duration............................. 60
Default Channel.................................. 36
Default Tx Power Level........................... 0
DTPC Status..................................... Enabled
Fragmentation Threshold.......................... 2346
TI Threshold..................................... -50
Legacy Tx Beamforming setting.................... Disabled
Traffic Stream Metrics Status.................... Enabled
Expedited BW Request Status...................... Disabled
World Mode....................................... Enabled
EDCA profile type................................ default-wmm
Voice MAC optimization status.................... Disabled
Call Admission Control (CAC) configuration
Voice AC:
Voice AC - Admission control (ACM)............ Disabled
Voice max RF bandwidth........................ 75
Voice reserved roaming bandwidth.............. 6
Voice load-based CAC mode..................... Disabled
Voice tspec inactivity timeout................ Disabled
Voice Stream-Size............................. 84000
Voice Max-Streams............................. 2
Video AC:
Video AC - Admission control (ACM)............ Disabled
Video max RF bandwidth........................ Infinite
Video reserved roaming bandwidth.............. 0
This example shows how to display basic 802.11h network settings:
> show 802.11h
802.11h ......................................... powerconstraint : 0
802.11h ......................................... channelswitch : Disable
802.11h ......................................... channelswitch mode : 0
show aaa auth
To display the configuration settings for the AAA authentication server database, use the show aaa auth command.
show aaa auth
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display the configuration settings for the AAA authentication server database:
(Cisco Controller) > show aaa auth
Management authentication server order:
1............................................ local
2............................................ tacacs
show advanced eap
To display Extensible Authentication Protocol (EAP) settings, use the show advanced eap command.
show advanced eap
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display the EAP settings:
(Cisco Controller) > show advanced eap
EAP-Identity-Request Timeout (seconds)........... 1
EAP-Identity-Request Max Retries................. 20
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 1
EAP-Request Max Retries.......................... 20
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
show database summary
To display the maximum number of entries in the database, use the show database summary command.
show database summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following is a sample output of the show database summary command:
(Cisco Controller) > show database summary
Maximum Database Entries......................... 2048
Maximum Database Entries On Next Reboot.......... 2048
Database Contents
MAC Filter Entries........................... 2
Exclusion List Entries....................... 0
AP Authorization List Entries................ 1
Management Users............................. 1
Local Network Users.......................... 1
Local Users.............................. 1
Guest Users.............................. 0
Total..................................... 5
show exclusionlist
To display a summary of all clients on the manual exclusion list (blacklisted) from associating with this Cisco wireless LAN controller, use the show exclusionlist command.
show exclusionlist
Syntax Description
This command has no arguments or keywords.
Command Default
None
Usage Guidelines
This command displays all manually excluded MAC addresses.
Examples
The following example shows how to display the exclusion list:
(Cisco Controller) > show exclusionlist
No manually disabled clients.
Dynamically Disabled Clients
----------------------------
MAC Address Exclusion Reason Time Remaining (in secs)
----------- ---------------- ------------------------
00:40:96:b4:82:55 802.1X Failure 51
show local-auth certificates
To display local authentication certificate information, use the show local-auth certificates command:
show local-auth certificates
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display the authentication certificate information stored locally:
(Cisco Controller) > show local-auth certificates
show local-auth config
To display local authentication configuration information, use the show local-auth config command.
show local-auth config
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display the local authentication configuration information:
(Cisco Controller) > show local-auth config
User credentials database search order:
Primary ................................... Local DB
Configured EAP profiles:
Name ...................................... fast-test
Certificate issuer .................... default
Enabled methods ....................... fast
Configured on WLANs ................... 2
EAP Method configuration:
EAP-TLS:
Certificate issuer .................... default
Peer verification options:
Check against CA certificates ..... Enabled
Verify certificate CN identity .... Disabled
Check certificate date validity ... Enabled
EAP-FAST:
TTL for the PAC ....................... 3 600
Initial client message ................ <none>
Local certificate required ............ No
Client certificate required ........... No
Vendor certificate required ........... No
Anonymous provision allowed ........... Yes
Authenticator ID ...................... 7b7fffffff0000000000000000000000
Authority Information ................. Test
EAP Profile.................................... tls-prof
Enabled methods for this profile .......... tls
Active on WLANs ........................... 1 3EAP Method configuration:
EAP-TLS:
Certificate issuer used ............... cisco
Peer verification options:
Check against CA certificates ..... disabled
Verify certificate CN identity .... disabled
Check certificate date validity ... disabled
show local-auth statistics
To display local Extensible Authentication Protocol (EAP) authentication statistics, use the show local-auth statistics command:
show local-auth statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display the local authentication certificate statistics:
(Cisco Controller) > show local-auth statistics
Local EAP authentication DB statistics:
Requests received ............................... 14
Responses returned .............................. 14
Requests dropped (no EAP AVP) ................... 0
Requests dropped (other reasons) ................ 0
Authentication timeouts ......................... 0
Authentication statistics:
Method Success Fail
------------------------------------
Unknown 0 0
LEAP 0 0
EAP-FAST 2 0
EAP-TLS 0 0
PEAP 0 0
Local EAP credential request statistics:
Requests sent to LDAP DB ........................ 0
Requests sent to File DB ........................ 2
Requests failed (unable to send) ................ 0
Authentication results received:
Success ....................................... 2
Fail .......................................... 0
Certificate operations:
Local device certificate load failures .......... 0
Total peer certificates checked ................. 0
Failures:
CA issuer check ............................... 0
CN name not equal to identity ................. 0
Dates not valid or expired .................... 0
show netuser
To display the configuration of a particular user in the local user database, use the show netuser command.
show netuser { detail user_name | guest-roles | summary}
Syntax Description
detail |
Displays detailed information about the specified network user. |
user_name |
Network user. |
guest_roles |
Displays configured roles for guest users. |
summary |
Displays a summary of all users in the local user database. |
Command Default
None
Examples
The following is a sample output of the show netuser summary command:
(Cisco Controller) > show netuser summary
Maximum logins allowed for a given username ........Unlimited
The following is a sample output of the show netuser detail command:
(Cisco Controller) > show netuser detail john10
username........................................... abc
WLAN Id............................................. Any
Lifetime............................................ Permanent
Description......................................... test user
show network
To display the current status of 802.3 bridging for all WLANs, use the show network command.
show network
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display the network details:
(Cisco Controller) > show network
show network summary
To display the network configuration of the Cisco wireless LAN controller, use the show network summary command.
show network summary
Syntax Description
This command has no arguments or keywords.
Command Default
None.
Examples
This example shows how to display a summary configuration:
(Cisco Controller) >show network summary
RF-Network Name............................. RF
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Disable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Enable
Ethernet Multicast Mode..................... Disable Mode: Ucast
Ethernet Broadcast Mode..................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled
MLD timeout................................. 60 seconds
MLD query interval.......................... 20 seconds
User Idle Timeout........................... 300 seconds
AP Join Priority............................ Disable
ARP Idle Timeout............................ 300 seconds
ARP Unicast Mode............................ Disabled
Cisco AP Default Master..................... Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Over The Air Provisioning of AP's........... Enable
Apple Talk ................................. Disable
Mesh Full Sector DFS........................ Enable
AP Fallback ................................ Disable
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Web Auth Captive-Bypass .................. Disable
Web Auth Secure Web ....................... Enable
Fast SSID Change ........................... Disabled
AP Discovery - NAT IP Only ................. Enabled
IP/MAC Addr Binding Check .................. Enabled
CCX-lite status ............................ Disable
oeap-600 dual-rlan-ports ................... Disable
oeap-600 local-network ..................... Enable
Web Color Theme............................. Default
CAPWAP Prefer Mode.......................... IPv4
show ntp-keys
To display network time protocol authentication key details, use the show ntp-keys command.
show ntp-keys
Syntax Description
This command has no arguments or keywords.
Command Default
None
Command History
Release | Modification |
---|---|
7.6 | This command was introduced in a release earlier than Release 7.6. |
Examples
This example shows how to display NTP authentication key details:
(Cisco Controller) > show ntp-keys
Ntp Authentication Key Details...................
Key Index
-----------
1
3
show radius acct statistics
To display the RADIUS accounting server statistics for the Cisco wireless LAN controller, use the show radius acct statistics command.
show radius acct statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display RADIUS accounting server statistics:
(Cisco Controller) > show radius acct statistics
Accounting Servers:
Server Index..................................... 1
Server Address................................... 10.1.17.10
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 0
Retry Requests................................... 0
Accounting Responses............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
show radius auth statistics
To display the RADIUS authentication server statistics for the Cisco wireless LAN controller, use the show radius auth statistics command.
show radius auth statistics
This command has no arguments or keyword.
Command Default
None
Examples
The following example shows how to display RADIUS authentication server statistics:
(Cisco Controller) > show radius auth statistics
Authentication Servers:
Server Index..................................... 1
Server Address................................... 209.165.200.10
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 0
Retry Requests................................... 0
Accept Responses................................. 0
Reject Responses................................. 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
show radius summary
To display the RADIUS authentication and accounting server summary, use the show radius summary command.
show radius summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display a RADIUS authentication server summary:
(Cisco Controller) > show radius summary
Vendor Id Backward Compatibility................. Disabled
Credentials Caching.............................. Disabled
Call Station Id Type............................. IP Address
Administrative Authentication via RADIUS......... Enabled
Authentication Servers
Index Type Server Address Port State Tout RFC-3576 IPsec - AuthMod
e/Phase1/Group/Lifetime/Auth/Encr
----- ---- ---------------- ------ -------- ---- -------- ---------------
---------------------------------
Accounting Servers
Index Type Server Address Port State Tout RFC-3576 IPsec - AuthMod
e/Phase1/Group/Lifetime/Auth/Encr
----- ---- ---------------- ------ -------- ---- -------- ---------------
---------------------------------
show rules
To display the active internal firewall rules, use the show rules command.
show rules
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display active internal firewall rules:
(Cisco Controller) > show rules
--------------------------------------------------------
Rule ID.............: 3
Ref count...........: 0
Precedence..........: 99999999
Flags...............: 00000001 ( PASS )
Source IP range:
(Local stack)
Destination IP range:
(Local stack)
--------------------------------------------------------
Rule ID.............: 25
Ref count...........: 0
Precedence..........: 99999999
Flags...............: 00000001 ( PASS )
Service Info
Service name........: GDB
Protocol............: 6
Source port low.....: 0
Source port high....: 0
Dest port low.......: 1000
Dest port high......: 1000
Source IP range:
IP High............: 0.0.0.0
Interface..........: ANY
Destination IP range:
(Local stack)
--------------------------------------------------------
show rogue adhoc detailed
To display details of an ad-hoc rogue access point detected by the Cisco wireless LAN controller, use the show rogue adhoc client detailed command.
show rogue adhoc detailed MAC_address
Syntax Description
MAC_address |
Adhoc rogue MAC address. |
Command Default
None
Examples
The following example shows how to display detailed ad-hoc rogue MAC address information:
(Cisco Controller) > show rogue adhoc client detailed 02:61:ce:8e:a8:8c
Adhoc Rogue MAC address.......................... 02:61:ce:8e:a8:8c
Adhoc Rogue BSSID................................ 02:61:ce:8e:a8:8c
State............................................ Alert
First Time Adhoc Rogue was Reported.............. Tue Dec 11 20:45:45 2007
Last Time Adhoc Rogue was Reported............... Tue Dec 11 20:45:45 2007
Reported By
AP 1
MAC Address.............................. 00:14:1b:58:4a:e0
Name..................................... AP0014.1ced.2a60
Radio Type............................... 802.11b
SSID..................................... rf4k3ap
Channel.................................. 3
RSSI..................................... -56 dBm
SNR...................................... 15 dB
Encryption............................... Disabled
ShortPreamble............................ Disabled
WPA Support.............................. Disabled
Last reported by this AP............... Tue Dec 11 20:45:45 2007
show rogue adhoc summary
To display a summary of the ad-hoc rogue access points detected by the Cisco wireless LAN controller, use the show rogue adhoc summary command.
show rogue adhoc summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display a summary of all ad-hoc rogues:
(Cisco Controller) > show rogue adhoc summary
Detect and report Ad-Hoc Networks................ Enabled
Client MAC Address Adhoc BSSID State # APs Last Heard
------------------ ----------- ----- --- -------
xx:xx:xx:xx:xx:xx super Alert 1 Sat Aug 9 21:12:50 2004
xx:xx:xx:xx:xx:xx Alert 1 Aug 9 21:12:50 2003
xx:xx:xx:xx:xx:xx Alert 1 Sat Aug 9 21:10:50 2003
show rogue ap clients
To display details of rogue access point clients detected by the Cisco wireless LAN controller, use the show rogue ap clients command.
show rogue ap clients ap_mac_address
Syntax Description
ap_mac_address |
Rogue access point MAC address. |
Command Default
None
Examples
The following example shows how to display details of rogue access point clients:
(Cisco Controller) > show rogue ap clients xx:xx:xx:xx:xx:xx
MAC Address State # APs Last Heard
----------------- ------------------ ----- -------------------------
00:bb:cd:12:ab:ff Alert 1 Fri Nov 30 11:26:23 2007
show rogue ap detailed
To display details of a rogue access point detected by the Cisco wireless LAN controller, use the show rogue-ap detailed command.
show rogue ap detailed ap_mac_address
Syntax Description
ap_mac_address |
Rogue access point MAC address. |
Command Default
None
Examples
The following example shows how to display detailed information of a rogue access point:
(Cisco Controller) > show rogue ap detailed xx:xx:xx:xx:xx:xx
Rogue BSSID...................................... 00:0b:85:63:d1:94
Is Rogue on Wired Network........................ No
Classification................................... Unclassified
State............................................ Alert
First Time Rogue was Reported.................... Fri Nov 30 11:24:56 2007
Last Time Rogue was Reported..................... Fri Nov 30 11:24:56 2007
Reported By
AP 1
MAC Address.............................. 00:12:44:bb:25:d0
Name..................................... flexconnect
Radio Type............................... 802.11g
SSID..................................... edu-eap
Channel.................................. 6
RSSI..................................... -61 dBm
SNR...................................... -1 dB
Encryption............................... Enabled
ShortPreamble............................ Enabled
WPA Support.............................. Disabled
Last reported by this AP.............. Fri Nov 30 11:24:56 2007
show rogue ap summary
To display a summary of the rogue access points detected by the Cisco wireless LAN controller, use the show rogue-ap summary command.
show rogue ap summary {ssid | channel}
Syntax Description
ssid |
Displays specific user-configured SSID of the rogue access point. |
channel |
Displays specific user-configured radio type and channel of the rogue access point. |
Command Default
None
Examples
The following example shows how to display a summary of all rogue access points:
(Cisco Controller) > show rogue ap summary
Rogue Location Discovery Protocol................ Disabled
Rogue ap timeout................................. 1200
MAC Address Classification # APs # Clients Last Heard
----------------- ------------------ ----- --------- -----------------------
xx:xx:xx:xx:xx:xx friendly 1 0 Thu Aug 4 18:57:11 2005
xx:xx:xx:xx:xx:xx malicious 1 0 Thu Aug 4 19:00:11 2005
xx:xx:xx:xx:xx:xx malicious 1 0 Thu Aug 4 18:57:11 2005
xx:xx:xx:xx:xx:xx malicious 1 0 Thu Aug 4 18:57:11 2005
The following example shows how to display a summary of all rogue access points with SSID as extended parameter.
(Cisco Controller) > show rogue ap summary ssid
MAC Address Class State SSID Security
--------------------------------------------------------------------------------------
xx:xx:xx:xx:xx:xx Unclassified Alert xxx Open
xx:xx:xx:xx:xx:xx Unclassified Alert xxx Open
xx:xx:xx:xx:xx:xx Pending Pending xxx Open
xx:xx:xx:xx:xx:xx Unclassified Alert xxx WEP/WPA
The following example shows how to display a summary of all rogue access points with channel as extended parameter.
(Cisco Controller) > show rogue ap summary channel
MAC Address Class State Det RadioType Channel RSSIlast/Max)
--------------------------------------------------------------------------------------------------------------------
xx:xx:xx:xx:xx:xx Unclassified Alert 802.11g 11 -53 / -48
xx:xx:xx:xx:xx:xx Unclassified Alert 802.11g 11 -53 / -48
xx:xx:xx:xx:xx:xx Unclassified Alert 802.11a 149 -74 / -69
xx:xx:xx:xx:xx:xx Unclassified Alert 802.11a 149 -74 / -69
xx:xx:xx:xx:xx:xx Unclassified Alert 802.11a 149 -74 / -69
The following example shows how to display a summary of all rogue access points with both SSID and channel as extended parameters.
(Cisco Controller) > show rogue ap summary ssid channel
MAC Address Class State SSID Security Det RadioType Channel RSSI(last/Max)
-----------------------------------------------------------------------------------------------------------------
xx:xx:xx:xx:xx:xx Unclassified Alert dd WEP/WPA 802.11n5G 56 -73 / -62
xx:xx:xx:xx:xx:xx Unclassified Alert SSID IS HIDDEN Open 802.11a 149 -68 / -66
xx:xx:xx:xx:xx:xx Unclassified Alert wlan16 WEP/WPA 802.11n5G 149 -71 / -71
xx:xx:xx:xx:xx:xx Unclassified Alert wlan15 WEP/WPA 802.11n5G 149 -71 / -71
xx:xx:xx:xx:xx:xx Unclassified Alert wlan14 WEP/WPA 802.11n5G 149 -71 / -71
xx:xx:xx:xx:xx:xx Unclassified Alert wlan13 WEP/WPA 802.11n5G 149 -71 / -70
xx:xx:xx:xx:xx:xx Unclassified Alert wlan12 WEP/WPA 802.11n5G 149 -71 / -71
show rogue ap friendly summary
To display a list of the friendly rogue access points detected by the controller, use the show rogue ap friendly summary command.
show rogue ap friendly summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display a summary of all friendly rogue access points:
(Cisco Controller) > show rogue ap friendly summary
Number of APs.................................... 1
MAC Address State # APs # Clients Last Heard
----------------- ------------------ ----- --------- ---------------------------
XX:XX:XX:XX:XX:XX Internal 1 0 Tue Nov 27 13:52:04 2007
show rogue ap malicious summary
To display a list of the malicious rogue access points detected by the controller, use the show rogue ap malicious summary command.
show rogue ap malicious summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display a summary of all malicious rogue access points:
(Cisco Controller) > show rogue ap malicious summary
Number of APs.................................... 2
MAC Address State # APs # Clients Last Heard
----------------- ------------------ ----- --------- ---------------------------
XX:XX:XX:XX:XX:XX Alert 1 0 Tue Nov 27 13:52:04 2007
XX:XX:XX:XX:XX:XX Alert 1 0 Tue Nov 27 13:52:04 2007
show rogue ap unclassified summary
To display a list of the unclassified rogue access points detected by the controller, use the show rogue ap unclassified summary command.
show rogue ap unclassified summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display a list of all unclassified rogue access points:
(Cisco Controller) > show rogue ap unclassified summary
Number of APs.................................... 164
MAC Address State # APs # Clients Last Heard
----------------- ------------- ----- --------- ---------------
XX:XX:XX:XX:XX:XX Alert 1 0 Fri Nov 30 11:12:52 2007
XX:XX:XX:XX:XX:XX Alert 1 0 Fri Nov 30 11:29:01 2007
XX:XX:XX:XX:XX:XX Alert 1 0 Fri Nov 30 11:26:23 2007
XX:XX:XX:XX:XX:XX Alert 1 0 Fri Nov 30 11:26:23 2007
show rogue client detailed
To display details of a rogue client detected by a Cisco wireless LAN controller, use the show rogue client detailed command.
show rogue client detailed Rogue_AP MAC_address
Syntax Description
Rogue_AP |
Rogue AP address. |
MAC_address |
Rogue client MAC address. |
Command Default
None
Examples
The following example shows how to display detailed information for a rogue client:
(Cisco Controller) > show rogue client detailed xx:xx:xx:xx:xx:xx
Rogue BSSID...................................... 00:0b:85:23:ea:d1
State............................................ Alert
First Time Rogue was Reported.................... Mon Dec 3 21:50:36 2007
Last Time Rogue was Reported..................... Mon Dec 3 21:50:36 2007
Rogue Client IP address.......................... Not known
Reported By
AP 1
MAC Address.............................. 00:15:c7:82:b6:b0
Name..................................... AP0016.47b2.31ea
Radio Type............................... 802.11a
RSSI..................................... -71 dBm
SNR...................................... 23 dB
Channel.................................. 149
Last reported by this AP.............. Mon Dec 3 21:50:36 2007
show rogue client summary
To display a summary of the rogue clients detected by the Cisco wireless LAN controller, use the show rogue client summary command.
show rogue client summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display a list of all rogue clients:
(Cisco Controller) > show rogue client summary
MAC Address State # APs Last Heard
----------------- ------------------ ----- -----------------------
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:00:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:09:11 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:03:11 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:03:11 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:09:11 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 18:57:08 2005
xx:xx:xx:xx:xx:xx Alert 1 Thu Aug 4 19:12:08 2005
show rogue ignore-list
To display a list of rogue access points that are configured to be ignored, use the show rogue ignore-list command.
show rogue ignore-list
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display a list of all rogue access points that are configured to be ignored.
(Cisco Controller) > show rogue ignore-list
MAC Address
-----------------
xx:xx:xx:xx:xx:xx
show rogue rule detailed
To display detailed information for a specific rogue classification rule, use the show rogue rule detailed command.
show rogue rule detailed rule_name
Syntax Description
rule_name |
Rogue rule name. |
Command Default
None
Examples
The following example shows how to display detailed information on a specific rogue classification rule:
(Cisco Controller) > show rogue rule detailed Rule2
Priority......................................... 2
Rule Name........................................ Rule2
State............................................ Enabled
Type............................................. Malicious
Match Operation.................................. Any
Hit Count........................................ 352
Total Conditions................................. 2
Condition 1
type......................................... Client-count
value........................................ 10
Condition 2
type......................................... Duration
value (seconds).............................. 2000
Condition 3
type......................................... Managed-ssid
value........................................ Enabled
Condition 4
type......................................... No-encryption
value........................................ Enabled
Condition 5
type......................................... Rssi
value (dBm).................................. -50
Condition 6
type......................................... Ssid
SSID Count................................... 1
SSID 1.................................... test
show rogue rule summary
To display the rogue classification rules that are configured on the controller, use the show rogue rule summary command.
show rogue rule summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display a list of all rogue rules that are configured on the controller:
(Cisco Controller) > show rogue rule summary
Priority Rule Name State Type Match Hit Count
-------- ----------------------- -------- ------------- ----- ---------
1 mtest Enabled Malicious All 0
2 asdfasdf Enabled Malicious All 0
show tacacs acct statistics
To display detailed radio frequency identification (RFID) information for a specified tag, use the show tacacs acct statistics command.
show tacacs acct statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display detailed RFID information:
(Cisco Controller) > show tacacs acct statistics
Accounting Servers:
Server Index..................................... 1
Server Address................................... 10.0.0.0
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 1
Retry Requests................................... 0
Accounting Response.............................. 0
Accounting Request Success....................... 0
Accounting Request Failure....................... 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. -1
Timeout Requests................................. 1
Unknowntype Msgs................................. 0
Other Drops...................................... 0
show tacacs athr statistics
To display TACACS+ server authorization statistics, use the show tacacs athr statistics command.
show tacacs athr statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display TACACS server authorization statistics:
(Cisco Controller) > show tacacs athr statistics
Authorization Servers:
Server Index..................................... 3
Server Address................................... 10.0.0.3
Msg Round Trip Time.............................. 0 (1/100 second)
First Requests................................... 0
Retry Requests................................... 0
Received Responses............................... 0
Authorization Success............................ 0
Authorization Failure............................ 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
show tacacs auth statistics
To display TACACS+ server authentication statistics, use the show tacacs auth statistics command.
show tacacs auth statistics
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display TACACS server authentication statistics:
(Cisco Controller) > show tacacs auth statistics
Authentication Servers:
Server Index..................................... 2
Server Address................................... 10.0.0.2
Msg Round Trip Time.............................. 0 (msec)
First Requests................................... 0
Retry Requests................................... 0
Accept Responses................................. 0
Reject Responses................................. 0
Error Responses.................................. 0
Restart Responses................................ 0
Follow Responses................................. 0
GetData Responses................................ 0
Encrypt no secret Responses...................... 0
Challenge Responses.............................. 0
Malformed Msgs................................... 0
Bad Authenticator Msgs........................... 0
Pending Requests................................. 0
Timeout Requests................................. 0
Unknowntype Msgs................................. 0
Other Drops...................................... 0
show tacacs summary
To display TACACS+ server summary information, use the show tacacs summary command.
show tacacs summary
Syntax Description
This command has no arguments or keywords.
Command Default
None
Examples
The following example shows how to display TACACS server summary information:
(Cisco Controller) > show tacacs summary
Authentication Servers
Idx Server Address Port State Tout
--- ---------------- ------ -------- ----
2 10.0.0.1 49 Enabled 30
Accounting Servers
Idx Server Address Port State Tout
--- ---------------- ------ -------- ----
1 10.0.0.0 49 Enabled 5
Authorization Servers
Idx Server Address Port State Tout
--- ---------------- ------ -------- ----
3 10.0.0.3 49 Enabled 5
Idx Server Address Port State Tout
--- ---------------- ------ -------- ----
4 2001:9:6:40::623 49 Enabled 5
...