Environment : General
This guide was created to give Aruba beginners a set of CLI commands that are useful in every day troubleshooting. The commands are structured into several grouping: infrastructure, air quality, client connectivity, authentication/security, logging, and miscellaneous. Each command is listed in it’s most basic form (no additional keywords) and the context in which they are helpful.
When you log into the CLI, you are placed into user mode. In user mode there are a limited set of commands that can be issued. User mode consists of the hostname followed by the ">" character.
In order to access additional commands, you need to enter enable mode (see below). Enable mode requires a password to be entered. This may be the same password as the one used to login to user mode, or a completely different password depending on your configuration:
To access all of the commands possible, you need to enter enable mode. All commands in this tutorial require enable mode. Enable mode consists of the hostname followed by the "#" character:
Most configuration changes made to the controller will be made through config mode, or through a series of config mode sub-commands. Config mode consists of the hostname followed by "(config)#". To enter config mode, type the following:
(controller)# config t
(controller)#show ap active
- Show active APs terminated on controller
- Display AP uptime – useful when clients report connectivity issues to an AP. Verify the AP uptime is consistent with others.
(controller)#show ap bss-table
- Display BSSIDs in your WLAN.
- Verify an AP is broadcasting your ESSID.
- Provide BSSIDs to your Lync admins to import for E911/location services.
(controller)#show ap database
- List all APs regardless of up/down status.
- After upgrading the controller, display AP upgrade status. Useful when upgrades are taking a while (ex: RAPs) and you need to verify the activity.
(controller)#show ap arm history
- Displays channel/power changes.
- Determine why an AP changed channels/power levels and how often.
(controller)#show ap arm neighbors
- Displays all APs that a given AP can hear.
- In dense environments, may be helpful in identifying interferrers, rogues, or suspected rogues.
(controller)#show ap association
- Displays BSSID/ESSID connected to, time associated to current AP, PHY type, SNR, and more.
- Useful for verifying connectivity and roaming issues. Check association time to see if it matches up with time an issue was reported.
(controller)#show datapath session table
- Verify a client is passing traffic.
- When a client reports they’re unable to access a resource on the network; will display denied traffic.
- Verify voice/video traffic is tagged.
- Display connected clients, the SSID they’re connected to, and their role.
- Use to verify a client is connected and the length of time.
(controller)# show ap arm client-match history
- Displays ClientMatch events.
- Find sticky clients.
- If a user reports connectivity issues, look for excessive ClientMatch events.
- AOS 6.3 feature only.
- Display’s client authentication – EAP messages, WPA key exchange.
- Useful if 802.1X is failing for a client.
(controller)#show aaa authentication-server radius statistics
- Display statistics for troubleshooting issues with you RADIUS servers.
- Display ACLs and bandwidth contracts assigned to user roles.
- Helpful if client reports issues connecting to a network resource.
(controller-config)#logging debug user-debug aa:bb:cc:11:22:33
(controller)#show log debug user-debug aa:bb:cc:11:22:33
- Enables debug logging for a client.
- Allows you to view the running configuration passwords and keys in plain text.
- Great when you’ve forgotten what you set your RADIUS keys to.
- Reboot any AP remotely.
- Can be done by individual AP, AP group, local APs, global APs, etc.
c:\> netsh wlan show interface
- Displays wireless connectivity on the client. BSSID, channel, and signal are typically what I’m looking for.
- When testing roaming, walk with your laptop open and constantly refresh the command to see when you switch BSSIDs
- In dual-band environments, determine which band you’ve connected to by looking for the channel #.
Show commands don’t have to be run from the enable prompt. Can use in config mode.
Ex: (controller-config)# show ap active
Pipe commands to filter output, using include, exclude or begin.
Ex: (controller)#show ap active | inc Floor4_AP
For logging output, enter a # to display only the last # of messages.
Ex: (controller)# show log all 25