Command Reference, Cisco IOS XE Denali 16.2.x (Catalyst 3850 Switches)

aaa-override

To enable AAA override on the WLAN, use the aaa-override command. To disable AAA override, use the no form of this command.

aaa-override

no aaa-override

Syntax Description

This command has no keywords or arguments.

Command Default

AAA is disabled by default.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to enable AAA on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# shutdown
Device(config-wlan)# aaa-override
Device(config-wlan)# no shutdown
Device(config-wlan)# end

This example shows how to disable AAA on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# shutdown
Device(config-wlan)# no aaa-override
Device(config-wlan)# no shutdown
Device(config-wlan)# end

accounting-list

To configure RADIUS accounting servers on a WLAN, use the accounting-list command. To disable RADIUS server accounting, use the no form of this command.

accounting-list radius-server-acct

no accounting-list

Syntax Description


`radius-server-acct`	Accounting RADIUS server name.

Command Default

RADIUS server accounting is disabled by default.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to configure RADIUS server accounting on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# accounting-list test
Device(config-wlan)# end

This example shows how to disable RADIUS server accounting on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no accounting-list test
Device(config-wlan)# end

assisted-roaming

To configure assisted roaming using 802.11k on a WLAN, use the assisted-roaming command. To disable assisted roaming, use the no form of this command.

assisted-roaming {dual-list | neighbor-list | prediction}

no assisted-roaming {dual-list | neighbor-list | prediction}

Syntax Description


dual-list	Configures a dual band 802.11k neighbor list for a WLAN. The default is the band that the client is currently associated with.
neighbor-list	Configures an 802.11k neighbor list for a WLAN.
prediction	Configures assisted roaming optimization prediction for a WLAN.

Command Default

Neighbor list and dual band support are enabled by default. The default is the band that the client is currently associated with.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.3SE	This command was introduced.

Usage Guidelines

When you enable the assisted roaming prediction list, a warning appears and load balancing is disabled for the WLAN if load balancing is already enabled on the WLAN. To make changes to the WLAN, the WLAN must be in disabled state.

Example

The following example shows how to configure a 802.11k neighbor list on a WLAN:

Device(config-wlan)#assisted-roaming neighbor-list

The following example shows the warning message when load balancing is enabled on a WLAN. Load balancing must be disabled if it is already enabled when configuring assisted roaming:


Device(config)#wlan test-prediction 2 test-prediction
Device(config-wlan)#client vlan 43
Device(config-wlan)#no security wpa
Device(config-wlan)#load-balance
Device(config-wlan)#assisted-roaming prediction
WARNING: Enabling neighbor list prediction optimization may slow association and impact VOICE client perform.
Are you sure you want to continue? (y/n)[y]: y
% Request aborted - Must first disable Load Balancing before enabling Assisted Roaming Prediction Optimization on this WLAN.

band-select

To configure band selection on a WLAN, use the band-select command. To disable band selection, use the no form of this command.

band-select

no band-select

Syntax Description

This command has no keywords or arguments.

Command Default

Band selection is disabled by default.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

When you enable band select on a WLAN, the access point suppresses client probes on 2.4GHz and moves the dual band clients to the 5-GHz spectrum. The band-selection algorithm directs dual-band clients only from the 2.4-GHz radio to the 5-GHz radio of the same access point, and it only runs on an access point when both the 2.4-GHz and 5-GHz radios are up and running.

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to enable band select on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# band-select                            
Device(config-wlan)# end

This example shows how to disable band selection on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no band-select
Device(config-wlan)# end

broadcast-ssid

To enable a Service Set Identifier (SSID) on a WLAN, use the broadcast-ssid command. To disable broadcasting of SSID, use the no form of this command.

broadcast-ssid

no broadcast-ssid

Syntax Description

This command has no keywords or arguments.

Command Default

The SSIDs of WLANs are broadcasted by default.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to enable a broadcast SSID on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# broadcast-ssid                            
Device(config-wlan)# end

This example shows how to disable a broadcast SSID on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no broadcast-ssid
Device(config-wlan)# end

call-snoop

To enable Voice over IP (VoIP) snooping on a WLAN, use the call-snoop command. To disable Voice over IP (VoIP), use the no form of this command.

call-snoop

no call-snoop

Syntax Description

This command has no keywords or arguments.

Command Default

VoIP snooping is disabled by default.

Command Modes

WLN configuration

Usage Guidelines

You must disable the WLAN before using this command. See the Related Commands section for more information on how to disable a WLAN.

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

The WLAN on which call snooping is configured must be configured with Platinum QoS. You must disable quality of service before using this command. See Related Commands section for more information on configuring QoS service-policy.

This example shows how to enable VoIP on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# call-snoop                            
Device(config-wlan)# end

This example shows how to disable VoIP on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no call-snoop
Device(config-wlan)# end

channel-scan defer-priority

To configure the device to defer priority markings for packets that can defer off-channel scanning, use the channel-scan defer-priority command. To disable the device to defer priority markings for packets that can defer off-channel scanning, use the no form of this command.

channel-scan defer-priority priority

no channel-scan defer-priority priority

Syntax Description


`priority`	Channel priority value. The range is 0 to 7. The default is 3.

Command Default

Channel scan defer is enabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

This example shows how to enable channel scan defer priority on a WLAN and set it to a priority value 4:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# channel-scan defer-priority 4                            
Device(config-wlan)# end

This example shows how to disable channel scan defer priority on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no channel-scan defer-priority 4
Device(config-wlan)# end

channel-scan defer-time

To assign a channel scan defer time, use the channel-scan defer-time command. To disable the channel scan defer time, use the no form of this command.

channel-scan defer-time msecs

no channel-scan defer-time

Syntax Description


`msecs`	Deferral time in milliseconds. The range is from 0 to 60000. The default is 100.

Command Default

Channel-scan defer time is enabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

The time value in milliseconds should match the requirements of the equipment on the WLAN.

This example shows how to enable a channel scan on the WLAN and set the scan deferral time to 300 milliseconds:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# channel-scan defer-time 300                            
Device(config-wlan)# end

This example shows how to disable channel scan defer time on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no channel-scan defer-time
Device(config-wlan)# end

chd

To enable coverage hole detection on a WLAN, use the chd command. To disable coverage hole detection, use the no form of this command.

chd

no chd

Syntax Description

This command has no keywords or arguments.

Command Default

Coverage hole detection is enabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

This example shows how to enable coverage hole detection on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# chd                            
Device(config-wlan)# end

This example shows how to disable coverage hole detection on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no chd
Device(config-wlan)# end

client association limit

To configure the maximum number of client connections, clients per access points, or clients per access point radio on a WLAN, use the client association limit command. To disable clients association limit on the WLAN, use the no form of this command.

client association limit {association-limit | ap ap-limit | radio max-ap-radio-limit}

no client association limit {association-limit | ap ap-limit | radio max-ap-radio-limit}

Syntax Description


`association-limit`	Number of client connections to be accepted. The range is from 0 to 2000. A value of zero (0) indicates no set limit.
ap	Maximum number of clients per access point.
`ap-limit`	Configures the maximum number of client connections to be accepted per access point radio. The valid range is from 0 to 400.
radio	Configures the maximum number of clients per AP radio.
`max-ap-radio-limit`	Maximum number of client connections to be accepted per access point radio. The valid range is from 0 - 200.

Command Default

The maximum number of client connections is set to 0 (no limit).

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.
Cisco IOS XE 3.3SE	The command was modified. The ap and radio keywords were added.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to configure a client association limit on a WLAN and configure the client limit to 200:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# shutdown
Device(config-wlan)# client association limit 200                            
Device(config-wlan)# no shutdown
Device(config-wlan)# end

This example shows how to disable a client association limit on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# shutdown
Device(config-wlan)# no client association limit
Device(config-wlan)# no shutdown
Device(config-wlan)# end

This example shows how to configure a client association limit per radio on a WLAN and configure the client limit to 200:

Device# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# client association limit radio 200
Device(config-wlan)# no shutdown
Device(config-wlan)# end

This example shows how to configure a client association limit per AP on a WLAN and configure the client limit to 300::

Device# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# client association limit ap 300
Device(config-wlan)# no shutdown
Device(config-wlan)# end

client vlan

To configure a WLAN interface or an interface group, use the client vlan command. To disable the WLAN interface, use the no form of this command.

client vlan interface-id-name-or-group-name

no client vlan

Syntax Description


`interface-id-name-or-group-name`	Interface ID, name, or VLAN group name. The interface ID can also be in digits too.

Command Default

The default interface is configured.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to enable a client VLAN on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# client vlan client-vlan1                            
Device(config-wlan)# end

This example shows how to disable a client VLAN on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no client vlan
Device(config-wlan)# end

ccx aironet-iesupport

To enable Aironet Information Elements (IEs) for a WLAN, use the ccx aironet-iesupport command. To disable Aironet Information Elements (IEs), use the no form of this command.

ccx aironet-iesupport

no ccx aironet-iesupport

Syntax Description

This command has no keywords or arguments.

Command Default

Aironet IE support is enabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to enable an Aironet IE for a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# ccx aironet-iesupport                            
Device(config-wlan)# end

This example shows how to disable an Aironet IE on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no ccx aironet-iesupport
Device(config-wlan)# end

datalink flow monitor

To enable NetFlow monitoring in a WLAN, use the datalink flow monitor command. To disable NetFlow monitoring, use the no form of this command.

datalink flow monitor datalink-monitor-name {input | output}

no datalink flow monitor datalink-monitor-name {input | output}

Syntax Description


`datalink-monitor-name`	Flow monitor name. The datalink monitor name can have up to 31 characters.
input	Specifies the NetFlow monitor for ingress traffic.
output	Specifies the NetFlow monitor for egress traffic.

Command Default

None.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to enable NetFlow monitoring on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# datalink flow monitor test output                            
Device(config-wlan)# end

This example shows how to disable NetFlow monitoring on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no datalink flow monitor test output
Device(config-wlan)# end

device-classification

To enable client device classification in a WLAN, use the device-classification command. To disable device classification, use the no form of this command.

device-classification

no device-classification

Syntax Description


device-classification	Enables/Disables Client Device Classification.

Command Default

None.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# device-classification                            
Device(config-wlan)# end

default

To set the parameters to their default values, use the default command.

default {aaa-override | accounting-list | band-select | broadcast-ssid | call-snoop | ccx | channel-scan | parameters | chd | client | datalink | diag-channel | dtim | exclusionlist | ip | ipv6 | load-balance | local-auth | mac-filtering | media-stream | mfp | mobility | nac | passive-client | peer-blocking | radio | roamed-voice-client | security | service-policy | session-timeout | shutdown | sip-cac | static-ip | uapsd | wgb | wmm}

Syntax Description


aaa-override	Sets the AAA override parameter to its default value.
accounting-list	Sets the accounting parameter and its attributes to their default values.
band-select	Sets the band selection parameter to its default values.
broadcast-ssid	Sets the broadcast Service Set Identifier (SSID) parameter to its default value.
call-snoop	Sets the call snoop parameter to its default value.
ccx	Sets the Cisco client extension (Cisco Aironet IE) parameters and attributes to their default values.
channel-scan	Sets the channel scan parameters and attributes to their default values.
chd	Sets the coverage hold detection parameter to its default value.
client	Sets the client parameters and attributes to their default values.
datalink	Sets the datalink parameters and attributes to their default values.
diag-channel	Sets the diagnostic channel parameters and attributes to their default values.
dtim	Sets the Delivery Traffic Indicator Message (DTIM) parameter to its default value.
exclusionlist	Sets the client exclusion timeout parameter to its default value.
ip	Sets the IP parameters to their default values.
ipv6	Sets the IPv6 parameters and attributes to their default values.
load-balance	Sets the load-balancing parameter to its default value.
local-auth	Sets the Extensible Authentication Protocol (EAP) profile parameters and attributes to their default values.
mac-filtering	Sets the MAC filtering parameters and attributes to their default values.
media-stream	Sets the media stream parameters and attributes to their default values.
mfp	Sets the Management Frame Protection (MPF) parameters and attributes to their default values.
mobility	Sets the mobility parameters and attributes to their default values.
nac	Sets the RADIUS Network Admission Control (NAC) parameter to its default value.
passive-client	Sets the passive client parameter to its default value.
peer-blocking	Sets the peer to peer blocking parameters and attributes to their default values.
radio	Sets the radio policy parameters and attributes to their default values.
roamed-voice-client	Sets the roamed voice client parameters and attributes to their default values.
security	Sets the security policy parameters and attributes to their default values.
service-policy	Sets the WLAN quality of service (QoS) policy parameters and attributes to their default values.
session-timeout	Sets the client session timeout parameter to its default value.
shutdown	Sets the shutdown parameter to its default value.
sip-cac	Sets the Session Initiation Protocol (SIP) Call Admission Control (CAC) parameters and attributes to their default values.
static-ip	Sets the static IP client tunneling parameters and their attributes to their default values.
uapsd	Sets the Wi-Fi Multimedia (WMM) Unscheduled Automatic Power Save Delivery (UAPSD) parameters and attributes to their default values.
wgb	Sets the Workgroup Bridges (WGB) parameter to its default value.
wmm	Sets the WMM parameters and attributes to their default values.

Command Default

None.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to set the Cisco Client Extension parameter to its default value:

Device(config-wlan)# default ccx aironet-iesupport

dtim dot11

To configure the Delivery Traffic Indicator Message (DTIM) period for a WLAN, use the dtim dot11 command. To disable DTIM, use the no form of this command.

dtim dot11 {5ghz | 24ghz} dtim-period

no dtim dot11 {5ghz | 24ghz} dtim-period

Syntax Description


5ghz	Configures the DTIM period on the 5-GHz band.
24ghz	Configures the DTIM period on the 2.4-GHz band.
`dtim-period`	Value for the DTIM period. The range is from 1 to 255.

Command Default

The DTIM period is set to 1.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to enable the DTIM period on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# dtim dot11 24ghz 3

This example shows how to disable the DTIM period on a WLAN on the 2.4-GHz band:


Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no dtim dot11 24ghz 3

exclusionlist

To configure an exclusion list on a wireless LAN, use the exclusionlist command. To disable an exclusion list, use the no form of this command.

exclusionlist [timeout seconds]

no exclusionlist [timeout]

Syntax Description


timeout `seconds`	(Optional) Specifies an exclusion list timeout in seconds. The range is from 0 to 2147483647. A value of zero (0) specifies no timeout.

Command Default

The exclusion list is set to 60 seconds.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to configure a client exclusion list for a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# exclusionlist timeout 345

This example shows how to disable a client exclusion list on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no exclusionlist timeout 345

exit

To exit the WLAN configuration submode, use the exit command.

exit

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

This example shows how to exit the WLAN configuration submode:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# exit
Device(config)#

exit (WLAN AP Group)

To exit the WLAN access point group submode, use the exit command.

exit

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

WLAN AP Group configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

This example shows how to exit the WLAN AP group submode:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap group test
Device(config-apgroup)# exit

ip access-group

To configure WLAN access control group (ACL), use the ip access-group command. To remove a WLAN ACL group, use the no form of the command.

ip access-group [web] acl-name

no ip access-group [web]

Syntax Description


web	(Optional) Configures the IPv4 web ACL.
`acl-name`	Specify the preauth ACL used for the WLAN with the security type value as webauth.

Command Default

None

Command Modes

WLAN configuration

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

This example shows how to configure a WLAN ACL:

Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#wlan wlan1
Device(config-wlan)#ip access-group test-acl

This example shows how to configure an IPv4 WLAN web ACL:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# ip access-group web test
Device(config-wlan)#

ip flow monitor

To configure IP NetFlow monitoring, use the ip flow monitor command. To remove IP NetFlow monitoring, use the no form of this command.

ip flow monitor ip-monitor-name {input | output}

no ip flow monitor ip-monitor-name {input | output}

Syntax Description


`ip-monitor-name`	Flow monitor name.
input	Enables a flow monitor for ingress traffic.
output	Enables a flow monitor for egress traffic.

Command Default

None

Command Modes

WLAN configuration

Usage Guidelines

You must disable the WLAN before using this command.

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

This example shows how to configure an IP flow monitor for the ingress traffic:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# ip flow monitor test input

This example shows how to disable an IP flow monitor:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no ip flow monitor test input

ip verify source mac-check

To enable IPv4 Source Guard (IPSG) on a WLAN, use the ip verify source mac-check command. To disable IPSG, use the no form of this command.

ip verify source mac-check

no ip verify source mac-check

Syntax Description

This command has no keywords or arguments.

Command Default

IPSG is disabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

Use this feature to restrict traffic from a host to a specific interface that is based on the host's IP address. The feature can also be configured to bind the source MAC and IP of a host so that IP spoofing is prevented.

Use this feature to bind the IP and MAC address of a wireless host that is based on information received from DHCP snooping, ARP, and Dataglean. Dataglean is the process of extracting location information such as host hardware address, ports that lead to the host, and so on from DHCP messages as they are forwarded by the DHCP relay agent. If a wireless host tries to send traffic with IP address and MAC address combination that has not been learned by the device, this traffic is dropped in the hardware. IPSG is not supported on DHCP packets. IPSG is not supported for foreign clients in a foreign device.

You must disable the WLAN before using this command.

This example shows how to enable IPSG:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# ip verify source mac-check

This example shows how to disable IPSG:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no ip verify source mac-check

load-balance

To enable load balancing on a WLAN, use the load-balance command. To disable load balancing, use the no form of this command.

load-balance

no load-balance

Syntax Description

This command has no keywords or arguments.

Command Default

Load balancing is disabled by default.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	The command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to enable load balancing on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# shutdown
Device(config)# wlan wlan1
Device(config-wlan)# load-balance
Device(config)# no shutdown
Device(config-wlan)# end

This example shows how to disable load balancing on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# shutdown
Device(config)# wlan wlan1
Device(config-wlan)# no load-balance
Device(config)# no shutdown
Device(config-wlan)# end

mobility anchor

To configure mobility sticky anchoring, use the mobility anchor sticky command. To disable the sticky anchoring, use the no form of the command.

To configure guest anchoring, use the mobility anchor ip-address command.

To delete the guest anchor, use the no form of the command.

To configure the device as an auto-anchor, use the mobility anchor command.

mobility anchor {ip-address | sticky}

no mobility anchor {ip-address | sticky}

Syntax Description

sticky

The client is anchored to the first switch that it associates.

Note

This command is by default enabled and ensures low roaming latency. This ensures that the point of presence for the client does not change when the client joins the mobility domain and roams within the domain.

ip-address

Configures the IP address for the guest anchor device to this WLAN.

Command Default

Sticky configuration is enabled by default.

Command Modes

WLAN Configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.
Cisco IOS XE 3.3SE	The auto-anchor configuration required the device IP address to be entered prior to the Cisco IOS XE 3.3SE release; with this release, if no IP address is given, the device itself becomes an anchor; you do not have to explicitly specify the IP address.

Usage Guidelines

The wlan_id or guest_lan_id must exist and be disabled.
Auto-anchor mobility is enabled for the WLAN or wired guest LAN when you configure the first mobility anchor.
Deleting the last anchor disables the auto-anchor mobility feature and resumes normal mobility for new associations.
Mobility uses the following ports, that are allowed through the firewall:
- 16666
- 16667
- 16668

This example shows how to enable the sticky mobility anchor:

Device(config-wlan)# mobility anchor sticky

This example shows how to configure guest anchoring:

Device(config-wlan)# mobility anchor 209.165.200.224

This example shows how to configure the device as an auto-anchor:

Device(config-wlan)# mobility anchor

nac

To enable RADIUS Network Admission Control (NAC) support for a WLAN, use the nac command. To disable NAC out-of-band support, use the no form of this command.

nac

no nac

Syntax Description

This command has no keywords or arguments.

Command Default

NAC is disabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You should enable AAA override before you enable the RADIUS NAC state.

This example shows how to configure RADIUS NAC on the WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# aaa-override
Device(config-wlan)# nac

This example shows how to disable RADIUS NAC on the WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no nac
Device(config-wlan)# no aaa-override

passive-client

To enable the passive client feature on a WLAN, use the passive-client command. To disable the passive client feature, use the no form of this command.

passive-client

no passive-client

Syntax Description

This command has no keywords or arguments.

Command Default

Passive client feature is disabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must enable the global multicast mode and multicast-multicast mode before entering this command. Both multicast-multicast mode and multicast unicast modes are supported. The multicast-multicast mode is recommended.

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This show how to enable the passive client feature on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wireless multicast
Device(config)# wlan test-wlan
Device(config-wlan)# passive-client

This example shows how to disable the passive client feature on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wireless multicast
Device(config)# wlan test-wlan
Device(config-wlan)# no passive-client

peer-blocking

To configure peer-to-peer blocking on a WLAN, use the peer-blocking command. To disable peer-to-peer blocking, use the no form of this command.

peer-blocking {drop | forward-upstream}

no peer-blocking

Syntax Description


drop	Specifies the device to discard the packets.
forward-upstream	Specifies the packets to be forwarded on the upstream VLAN. The device next in the hierarchy to the device decides what action to take regarding the packets.

Command Default

Peer blocking is disabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to enable the drop and forward-upstream options for peer-to-peer blocking:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# peer-blocking  drop
Device(config-wlan)# peer-blocking forward-upstream

This example shows how to disable the drop and forward-upstream options for peer-to-peer blocking:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no peer-blocking  drop
Device(config-wlan)# no peer-blocking forward-upstream

radio

To enable the Cisco radio policy on a WLAN, use the radio command. To disable the Cisco radio policy on a WLAN, use the no form of this command.

radio {all | dot11a | dot11ag | dot11bg | dot11g}

no radio

Syntax Description


all	Configures the WLAN on all radio bands.
dot11a	Configures the WLAN on only 802.11a radio bands.
dot11ag	Configures the WLAN on 802.11a/g radio bands.
dot11bg	Configures the wireless LAN on only 802.11b/g radio bands (only 802.11b if 802.11g is disabled).
dot11g	Configures the wireless LAN on 802.11g radio bands only.

Command Default

Radio policy is enabled on all bands.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to configure the WLAN on all radio bands:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# radio all

This example shows how to disable all radio bands on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no radio all

radio-policy

To configure the radio policy on a WLAN access point group, use the radio-policy command. To disable the radio policy on the WLAN, use the no form of this command.

radio-policy {all | dot11a | dot11bg | dot11g}

no radio {all | dot11a | dot11bg | dot11g}

Syntax Description


all	Configures the wireless LAN on all radio bands.
dot11a	Configures the wireless LAN on only 802.11a radio bands.
dot11bg	Configures the wireless LAN on only 802.11b/g (only 802.11b if 802.11g is disabled) radio bands.
dot11g	Configures the wireless LAN on only 802.11g radio bands.

Command Default

Radio policy is enabled on all the bands.

Command Modes

WLAN AP Group configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

The WLAN must be restarted for the changes to take effect. See Related Commands section for more information on how to shutdown a WLAN.

This example shows how to enable the radio policy on the 802.11b band for an AP group:

Device(config)# ap group test
Device(config-apgroup)# wlan test-wlan
Device(config-wlan-apgroup)# radio-policy dot11b

This example shows how to disable the radio policy on the 802.11b band of an AP group:

Device(config)# ap group test
Device(config-apgroup)# wlan test-wlan
Device(config-wlan-apgroup)# no radio-policy dot11bg

roamed-voice-client re-anchor

To enable the roamed-voice-client re-anchor feature, use the roamed-voice-client re-anchor command. To disable the roamed-voice-client re-anchor feature, use the no form of this command.

roamed-voice-client re-anchor

no roamed-voice-client re-anchor

Syntax Description

This command has no keywords or arguments.

Command Default

Roamed voice client reanchor feature is disabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to enable the roamed voice client re-anchor feature:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# roamed-voice-client re-anchor

This example shows how to disable the roamed voice client re-anchor feature:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no roamed-voice-client re-anchor

security ft

To configure 802.11r fast transition parameters, use the security ft command. To configure fast transition over the air , use the no security ft over-the-ds command.

security ft [over-the-ds | reassociation-timeout timeout-jn-seconds]

no security ft [over-the-ds | reassociation-timeout]

Syntax Description


over-the-ds	(Optional) Specifies that the 802.11r fast transition occurs over a distributed system. The no form of the command with this parameter configures security ft over the air.
reassociation-timeout	(Optional) Configures the reassociation timeout interval.
`timeout-in-seconds`	(Optional) Specifies the reassociation timeout interval in seconds. The valid range is between 1 to 100. The default value is 20.

Command Default

The feature is disabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.3SE	This command was introduced.

Usage Guidelines

None

WLAN Security must be enabled.

Example

The following example configures security FT configuration for an open WLAN:


Device#wlan test
Device(config-wlan)# client vlan 0140
Device(config-wlan)# no mobility anchor sticky
Device(config-wlan)# no security wpa
Device(config-wlan)# no security wpa akm dot1x
Device(config-wlan)# no security wpa wpa2
Device(config-wlan)# no security wpa wpa2 ciphers aes
Device(config-wlan)# security ft
Device(config-wlan)# shutdown

The following example shows a sample security FT on a WPA-enabled WLAN:


Device# wlan test
Device(config-wlan)# client vlan 0140
Device(config-wlan)# no security wpa akm dot1x
Device(config-wlan)# security wpa akm ft psk
Device(config-wlan)# security wpa akm psk set-key ascii 0 test-test
Device(config-wlan)# security ft
Device(config-wlan)# no shutdown

security pmf

To configure 802.11w Management Frame Protection (PMF) on a WLAN, use the security pmf command. To disable management frame protection, use the no form of the command.

security pmf {association-comeback association-comeback-time-seconds | mandatory | optional | saquery-retry-time saquery-retry-time-milliseconds}

no security pmf [association-comeback association-comeback-time-seconds | mandatory | optional | saquery-retry-time saquery-retry-time-milliseconds]

Syntax Description


association-comeback	Configures the 802.11w association comeback time.
`association-comeback-time-seconds`	Association comeback interval in seconds. Time interval that an associated client must wait before the association is tried again after it is denied with a status code 30. The status code 30 message is "Association request rejected temporarily; Try again later.” The range is from 1 through 20 seconds.
mandatory	Specifies that clients are required to negotiate 802.1w PMF protection on the WLAN.
optional	Specifies that the WLAN does not mandate 802.11w support on clients. Clients with no 802.11w capability can also join.
saquery-retry-time	Time interval identified before which the SA query response is expected. If the device does not get a response, another SA query is tried.
`saquery-retry-time-milliseconds`	The saquery retry time in milliseconds. The range is from 100 to 500 ms. The value must be specified in multiples of 100 milliseconds.

Command Default

PMF is disabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.3SE	This command was introduced.

Usage Guidelines

You must have WPA (Wi-Fi Protected Access) and AKM (Authentication Key Management) configured to use this feature. See Related Command section for more information on configuring the security parameters.

802.11w introduces an Integrity Group Temporal Key (IGTK) that is used to protect broadcast or multicast robust management frames. IGTK is a random value, assigned by the authenticator station (device) used to protect MAC management protocol data units (MMPDUs) from the source STA. The 802.11w IGTK key is derived using the four-way handshake and is used only on WLANs that are configured with WPA2 security at Layer 2.

This example shows how to enable the association comeback value at 15 seconds.

Device(config-wlan)# security pmf association-comeback 15

This example shows how to configure mandatory 802.11w MPF protection for clients on a WLAN:

Device(config-wlan)# security pmf mandatory

This example shows how to configure optional 802.11w MPF protection for clients on a WLAN:

Device(config-wlan)# security pmf optional

This example shows how to configure the saquery parameter:

Device(config-wlan)# security pmf saquery-retry-time 100

This example shows how to disable the PMF feature:

Device(config-wlan)# no security pmf

security web-auth

To change the status of web authentication used on a WLAN, use the security web-auth command. To disable web authentication on a WLAN, use the no form of the command.

security web-auth [authentication-list authentication-list-name | on-macfilter-failure | parameter-map parameter-map-name]

no security web-auth [authentication-list [authentication-list-name] | on-macfilter-failure | parameter-map [parameter-name]]

Syntax Description


authentication-list `authentication-list-name`	Sets the authentication list for IEEE 802.1x.
on-macfilter-failure	Enables web authentication on MAC failure.
parameter-map `parameter-map-name`	Configures the parameter map.

Command Default

Web authentication is disabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Examples

The following example shows how to configure the authentication-list web authentication on a WLAN:

Device(config-wlan)# security web-auth authentication-list test

security wpa akm

To configure authentication key management using Cisco Centralized Key Management (CCKM), use the security wpa akm command. To disable the authentication key management for Cisco Centralized Key Management, use the no form of the command.

security wpa [akm {cckm | dot1x | ft | pmf | psk} | wpa1 [ciphers {aes | tkip}] | wpa2 [ciphers {aes | tikp}]]

no security wpa [akm {cckm | dot1x | ft | pmf | psk} | wpa1 [ciphers {aes | tkip}] | wpa2 [ciphers {aes | tikp}]]

Syntax Description


akm	Configures the Authentication Key Management (AKM) parameters.
aes	Configures AES (Advanced Encryption Standard) encryption support.
cckm	Configures Cisco Centralized Key Management support.
ciphers	Configures WPA ciphers.
dot1x	Configures 802.1x support.
ft	Configures fast transition using 802.11r.
pmf	Configures 802.11w management frame protection.
psk	Configures 802.11r fast transition pre-shared key (PSK) support.
tkip	Configures Temporal Key Integrity Protocol (TKIP) encryption support.
wpa2	Configures Wi-Fi Protected Access 2 ( WPA2) support.

Command Default

By default Wi-Fi Protected Access2, 802.1x are enabled. WPA2, PSK, CCKM, FT dot1x, FT PSK, PMF dot1x, PMF PSK, FT Support are disabled. The FT Reassociation timeout is set to 20 seconds, PMF SA Query time is set to 200.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.3SE	This command was introduced.

Example

The following example shows how to configure CCKM on the WLAN.

Device(config-wlan)#security wpa akm cckm

service-policy (WLAN)

To configure the WLAN quality of service (QoS) service policy, use the service-policy command. To disable a QoS policy on a WLAN, use the no form of this command.

service-policy [client] {input | output} policy-name

no service-policy [client] {input | output} policy-name

Syntax Description


client	(Optional) Assigns a policy map to all clients in the WLAN.
input	Assigns an input policy map.
output	Assigns an output policy map.
`policy-name`	The policy name.

Command Default

No policies are assigned and the state assigned to the policy is None.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to configure the input QoS service policy on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# service-policy input policy-test

This example shows how to disable the input QoS service policy on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no service-policy input policy-test

This example shows how to configure the output QoS service policy on a WLAN to platinum (precious metal policy):

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# service-policy output platinum

session-timeout

To configure session timeout for clients associated to a WLAN, use the session-timeout command. To disable a session timeout for clients that are associated to a WLAN, use the no form of this command.

session-timeout seconds

no session-timeout

Syntax Description


`seconds`	Timeout or session duration in seconds. A value of zero (0) is equivalent to no timeout. The range is from 300 to 86400.

Command Default

The client timeout is set to 1800 seconds for WLANs that are configured with dot1x security. The client timeout is set to 0 for open WLANs.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

This example shows how to configure a session timeout to 300 seconds:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# session-timeout 300

This example shows how to disable a session timeout:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no session-timeout

show wlan

To view WLAN parameters, use the show wlan command.

show wlan {all | id wlan-id | name wlan-name | summary}

Syntax Description


all	Displays a summary of parameters of all configured WLANs. The list is ordered by the ascending order of the WLAN IDs.
id `wlan-id`	Specifies the wireless LAN identifier. The range is from 1 to 512.
name `wlan-name`	Specifies the WLAN profile name. The name is from 1 to 32 characters.
summary	Displays a summary of the parameters configured on a WLAN.

Command Default

None

Command Modes

Global configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

This example shows how to display a summary of the WLANs configured on the device:

Device# show wlan summary
Number of WLANs: 1

WLAN Profile Name                     SSID                           VLAN Status
--------------------------------------------------------------------------------
45   test-wlan                        test-wlan-ssid                  1    UP

This example shows how to display a summary of parameters configured on a particular WLAN:

Device# show wlan name test-wlan
WLAN Identifier                                : 45
Profile Name                                   : test-wlan
Network Name (SSID)                            : test-wlan-ssid
Status                                         : Enabled
Broadcast SSID                                 : Enabled
Maximum number of Associated Clients           : 0
AAA Policy Override                            : Disabled
Network Admission Control
  NAC-State                                    : Disabled
Number of Active Clients                       : 0
Exclusionlist Timeout                          : 60
Session Timeout                                : 1800 seconds
CHD per WLAN                                   : Enabled
Webauth DHCP exclusion                         : Disabled
Interface                                      : default
Interface Status                               : Up
Multicast Interface                            : test
WLAN IPv4 ACL                                  : test
WLAN IPv6 ACL                                  : unconfigured
DHCP Server                                    : Default
DHCP Address Assignment Required               : Disabled
DHCP Option 82                                 : Disabled
DHCP Option 82 Format                          : ap-mac
DHCP Option 82 Ascii Mode                      : Disabled
DHCP Option 82 Rid Mode                        : Disabled
QoS Service Policy - Input
  Policy Name                                  : unknown
  Policy State                                 : None
QoS Service Policy - Output
  Policy Name                                  : unknown
  Policy State                                 : None
QoS Client Service Policy
  Input  Policy Name                           : unknown
  Output Policy Name                           : unknown
WifiDirect                                     : Disabled
WMM                                            : Disabled
Channel Scan Defer Priority:
  Priority (default)                           : 4
  Priority (default)                           : 5
  Priority (default)                           : 6
Scan Defer Time (msecs)                        : 100
Media Stream Multicast-direct                  : Disabled
CCX - AironetIe Support                        : Enabled
CCX - Gratuitous ProbeResponse (GPR)           : Disabled
CCX - Diagnostics Channel Capability           : Disabled
Dot11-Phone Mode (7920)                        : Invalid
Wired Protocol                                 : None
Peer-to-Peer Blocking Action                   : Disabled
Radio Policy                                   : All
DTIM period for 802.11a radio                  : 1
DTIM period for 802.11b radio                  : 1
Local EAP Authentication                       : Disabled
Mac Filter Authorization list name             : Disabled
Accounting list name                           : Disabled
802.1x authentication list name                : Disabled
Security
    802.11 Authentication                      : Open System
    Static WEP Keys                            : Disabled
    802.1X                                     : Disabled
    Wi-Fi Protected Access (WPA/WPA2)          : Enabled
        WPA (SSN IE)                           : Disabled
        WPA2 (RSN IE)                          : Enabled
            TKIP Cipher                        : Disabled
            AES Cipher                         : Enabled
        Auth Key Management
            802.1x                             : Enabled
            PSK                                : Disabled
            CCKM                               : Disabled
    IP Security                                : Disabled
    IP Security Passthru                       : Disabled
    L2TP                                       : Disabled
    Web Based Authentication                   : Disabled
    Conditional Web Redirect                   : Disabled
    Splash-Page Web Redirect                   : Disabled
    Auto Anchor                                : Disabled
    Sticky Anchoring                           : Enabled
    Cranite Passthru                           : Disabled
    Fortress Passthru                          : Disabled
    PPTP                                       : Disabled
    Infrastructure MFP protection              : Enabled
    Client MFP                                 : Optional
    Webauth On-mac-filter Failure              : Disabled
    Webauth Authentication List Name           : Disabled
    Webauth Parameter Map                      : Disabled
    Tkip MIC Countermeasure Hold-down Timer    : 60
Call Snooping                                  : Disabled
Passive Client                                 : Disabled
Non Cisco WGB                                  : Disabled
Band Select                                    : Disabled
Load Balancing                                 : Disabled
IP Source Guard                                : Disabled
Netflow Monitor                                : test
        Direction                              : Input
        Traffic                                : Datalink

Mobility Anchor List
IP Address
-----------

show wireless wlan summary

To display wireless wlan summary, use the show wireless wlan summary command.

show wireless wlan summary

Syntax Description


This command has no keywords or arguments.

Command Default

None

Command History


Release	Modification
15.2(3)E	This command was introduced.

The following is a sample output of the show wireless wlan summary command.


Cisco-Controller# show wireless wlan summary 

Total WLAN Configured: 3

Total Client Count: 0



ID    Profile Name          SSID                  Security    Radio       VLAN        Client   Status  
-----------------------------------------------------------------------------------------------------
1     Test1                 xxx                   WPA1/WPA2   All         1           0        DOWN
2     wlan1                 wlan2-ssid            WPA1/WPA2   All         1           0        DOWN
3     wlan3                 mywlan3               WPA1/WPA2   All         1           0        DOWN

shutdown

To disable a WLAN, use the shutdown command. To enable a WLAN, use the no form of this command.

shutdown

no shutdown

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

This example shows how to disable a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan test-wlan
Device(config-wlan)# shutdown
Device(config-wlan)# end
Device# show wlan summary
Number of WLANs: 1

WLAN Profile Name                     SSID                           VLAN Status
--------------------------------------------------------------------------------
45   test-wlan                         test-wlan-ssid                  1    DOWN

This example shows how to enable a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan test-wlan
Device(config-wlan)# no shutdown
Device(config-wlan)# end
Device# show wlan summary
Number of WLANs: 1

WLAN Profile Name                     SSID                           VLAN Status
--------------------------------------------------------------------------------
45   test-wlan                         test-wlan-ssid                  1    UP

sip-cac

To configure the Session Initiation Protocol (SIP) Call Admission Control (CAC) feature on a WLAN, use the sip-cac command. To disable the SIP CAC feature, use the no form of this command.

sip-cac {disassoc-client | send-486busy}

no sip-cac {disassoc-client | send-486busy}

Syntax Description


disassoc-client	Enables a client disassociation if a CAC failure occurs.
send-486busy	Sends a SIP 486 busy message if a CAC failure occurs.

Command Default

None

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to enable a client disassociation and 486 busy message on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# sip-cac disassoc-client
Device(config-wlan)# sip-cac send-486busy

This example shows how to disable a client association and 486 busy message on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no sip-cac disassoc-client
Device(config-wlan)# no sip-cac send-486busy

static-ip tunneling

To enable static IP tunneling on a WLAN, use the static-ip tunneling command. To disable the static IP tunneling feature, use the no form of this command.

static-ip tunneling

no static-ip tunneling

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

This example shows how to enable static-IP tunneling:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# static-ip tunneling

This example shows how to disable static-IP tunneling:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no static-ip tunneling

vlan

To assign a VLAN to an AP group, use the vlan command. To remove a VLAN ID, use the no form of this command.

vlan interface-name

no vlan

Syntax Description


`interface-name`	VLAN interface name.

Command Default

No VALN is assigned to the AP group. See Related Commands section for more information on how to disable a WLAN.

Command Modes

WLAN AP Group configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command.

This example shows how to configure a VLAN on an AP group:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap group ap-group-1
Device(config-apgroup)# wlan test-wlan
Device(config-wlan-apgroup)# vlan 3

universal-admin

To configure the WLAN as the universal admin, use the universal-admin command. To remove the configuration, use the no form of this command.

universal-admin

Command Default

None

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.7.0 E	This command was introduced.

Deviceenable
Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#wlan wlan1
Device(config-wlan)#universal-admin

wgb non-cisco

To enable non-Cisco Workgroup Bridges (WGB) clients on the WLAN, use the wgb non-cisco command. To disable support for non-Cisco WGB clients, use the no form of this command.

wgb non-cisco

no wgb non-cisco

Syntax Description

This command has no keywords or arguments.

Command Default

Non-Cisco WGB clients are disabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to enable non-Cisco WGBs on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# shutdown
Device(config-wlan)# wgb non-cisco
Device(config-wlan)# no shutdown

This example shows how to disable support for non-Cisco WGB clients on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# shutdown
Device(config-wlan)# no wgb non-cisco
Device(config-wlan)# no shutdown

wifidirect policy

To configure Wi-Fi Direct client policy on a WLAN, use the wifidirect policy command. To disable Wi-Fi Direct Client policy, use the no form of the command.

wifidirect policy {permit | deny}

Syntax Description


permit	Enables Wi-Fi Direct clients to associate with the WLAN.
deny	When the Wi-Fi Direct policy is configured as "deny", the device permits or denies Wi-Fi Direct devices based on the device capabilities. A WI-Fi Direct device reports these capabilities in its association request to the device and these are based on the Wi-Fi capabilities of the device. These include: Concurrent Operation Cross connection If the Wi-Fi device supports either concurrent operations or cross connections or both, the client association is denied. The client can associate if the device does not support concurrent operations and cross connections.

Command Default

Wi-Fi Direct is disabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.3SE	This command was introduced.

Example

The following example shows how to enable Wi-Fi Direct and configure the Wi-Fi Direct clients to associate with the WLAN:

Device(config-wlan)# wifidirect policy permit

wlan (AP Group Configuration)

To configure WLAN parameters of a WLAN in an access point (AP) group, use the wlan command. To remove a WLAN from the AP group, use the no form of this command.

wlan wlan-name

no wlan wlan-name

Syntax Description


`wlan-name`	WLAN profile name. The range is from 1 to 32 alphanumeric characters.

Command Default

WLAN parameters are not configured for an AP group.

Command Modes

AP Group configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to configure WLAN related parameters in the AP group configuration mode:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# ap group test
Device(config-apgroup)# wlan qos-wlan

wlan

To create a wireless LAN, use the wlan command. To disable a wireless LAN, use the no form of this command.

wlan [wlan-name | wlan-name wlan-id | wlan-name wlan-id wlan-ssid]

no wlan [wlan-name | wlan-name wlan-id | wlan-name wlan-id wlan-ssid]

Syntax Description


`wlan-name`	WLAN profile name. The name is from 1 to 32 alphanumeric characters.
`wlan-id`	Wireless LAN identifier. The range is from 1 to 512.
`wlan-ssid`	SSID. The range is from 1 to 32 alphanumeric characters.

Command Default

WLAN is disabled.

Command Modes

Global configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

If you do not specify an SSID, the profile name parameter is used for both the profile name and the SSID. If the management and AP-manager interfaces are mapped to the same port and are members of the same VLAN, you must disable the WLAN before making a port-mapping change to either interface. If the management and AP-manager (Access Point Manager) interfaces are assigned to different VLANs, you do not need to disable the WLAN.

An error message appears if you try to delete a WLAN that is assigned to an access point group. If you proceed, the WLAN is removed from the access point group and from the access point’s radio.

This example shows how to create a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config)# wlan test-wlan-cr 67 test-wlan-cr-ssid

This example shows how to delete a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config)# no wlan test-wlan-cr 67 test-wlan-cr-ssid

wlan shutdown

To disable a WLAN, use the wlan shutdown command. To enable a WLAN, use the no form of this command.

wlan shutdown

no wlan shutdown

Command Default

The WLAN is disabled.

Command Modes

Global configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to shut down a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# shutdown

wmm

To enable Wi-Fi Multimedia (WMM) on a WLAN, use the wmm command. To disable WMM on a WLAN, use the no form of this command.

wmm {allowed | require}

no wmm

Syntax Description


allowed	Allows WMM on a WLAN.
require	Mandates that clients use WMM on the WLAN.

Command Default

WMM is enabled.

Command Modes

WLAN configuration

Command History


Release	Modification
Cisco IOS XE 3.2SE	This command was introduced.

Usage Guidelines

When the device is in Layer 2 mode and WMM is enabled, you must put the access points on a trunk port in order to allow them to join the device.

You must disable the WLAN before using this command. See Related Commands section for more information on how to disable a WLAN.

This example shows how to enable WMM on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# wmm allowed

This example shows how to disable WMM on a WLAN:

Device# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)# wlan wlan1
Device(config-wlan)# no wmm

Bias-Free Language

Results

Chapter: WLAN Commands

WLAN Commands

aaa-override

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

accounting-list

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

assisted-roaming

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Example

band-select

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

broadcast-ssid

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

call-snoop

Syntax Description

Command Default

Command Modes

Usage Guidelines

Command History

Usage Guidelines

channel-scan defer-priority

Syntax Description

Command Default

Command Modes

Command History

channel-scan defer-time

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

chd

Syntax Description

Command Default

Command Modes

Command History

client association limit

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

client vlan

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

ccx aironet-iesupport

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

datalink flow monitor

Syntax Description

Command Default