What version
#show image version
Bounce Users and re-associate
aaa user delete all
AP Commands
AP Status
(192.168.2.181) #show ap database
AP Database
-----------
Name Group AP Type IP Address Status Flags Switch IP
---- ----- ------- ---------- ------ ----- ---------
1.1.1 default 61 192.168.2.5 Up 29m:6s 192.168.2.82
CEO default 70 192.168.2.4 Up 3d:6h:36m:42s 192.168.2.82
LeftAP default 61 192.168.2.10 Up 29m:6s 192.168.2.82
Flags: U = Unprovisioned; N = Duplicate name; G = No such group; R = Remote AP
Total APs:3
List Physical APs
(Aruba200) # show ap active
Active AP Table
---------------
Name Group IP Address 11g Clients 11g Ch/Pwr 11a Clients 11a Ch/Pwr AP Type Flags Uptime
---- ----- ---------- ----------- ---------- ----------- ---------- ------- ----- ------
1.1.1 default 192.168.2.4 1 AP:1/11 0 61 23h:22m:34s
CEO default 192.168.2.5 0 AP:1/11 0 AP:40/30 70 A 13h:34m:2s
LeftAP default 192.168.2.11 0 AP:11/30 0 61 23h:22m:34s
Flags: R = Remote AP; P = PPPOE; E = Wired AP enabled; A = Enet1 in active/standby mode;
L = Active Load Balancing Enabled; D = Disconn. Extra Calls On; B = Battery Boost On
Num APs:3
Verify: AP Can’t Connect to Controller
(Aruba200) #show ap debug counters ap-name CEO
AP Counters
-----------
Name Group IP Address Configs Sent Configs Acked AP Boots Sent AP Boots Acked Bootstraps Reboots
---- ----- ---------- ------------ ------------- ------------- -------------- ---------- -------
CEO default 192.168.2.4 60 60 0 0 592 3
Good debug Commands:
'show ap association client-mac'
'show ap debug client-table ap-name'
'show ap arm rf-summary ip-addr'
'show ap monitor ap-list xxxxx'
'sh ap database'
'sh ap active'
'sh user'
"sh ap debug radio-stats apname radio 0(5ghz) radio 1(2.4ghz)"
look at "Channel Busy" - values are in percent (%) (40-60 percent or greater -- channel is saturated)
...when looking at WIPs
Show ap arm scan times ap-name
verify that the AP/AM has scanned channels, how many times a channel was visited etc.
Show ap monitor scan-info
scanning info about AMs
Show ap monitor containment-info
low level containment info from an AP so you can see what the AP is attempting. Has it sent any deauths? Is it trying to tarpit?
Show wms rogue-ap
Show wms monitor-summary
show wms routers
shows heard wired routers. These will be used for wired detection
show snmp trap-list
provides a full list of snmp traps and if they are enabled. An IDS event needs to be enabled in the IDS profile and the SNMP trap has to be enabled for traps to be sent to airwave
show snmp trap-hosts
provides a list of the IP addresses that will receive the snmp traps. AMP needs to be in that list for AMP to display any IDS events.
wms clean-db followed by reload
cleandb will clear out the wms db. Reloading the controller will start it up with that clear db. This is very useful when doing lab testing and you want to make sure previous test setup and data isn’t contaimenating current info.
Show mobility-managers
Show any AMPs that have been configured on the controller
Show log security 20
show the last 20 security log messages
Web UI Wizard: okay so this isn’t a CLI command but it is by far the easiest way to tell if your APs/controller is configured to run containment or has IDS events turned on