Wireless Access

Reply
Community Administrator
Posts: 2,280
Registered: ‎12-03-2013

Helpful CLI Commands

to build upon this article here are a few more commands I find myself using quite a bit . There is some drilling with some of the commands just to show specific you can get.

 

Everyone has their own method and with all you brilliant folks there has to be some more that you prefer. So you experts, please add to the list if you have some other "go-to" commands. 

_________________________________________________________________________________

 

--(Controller5) #show ap port status ap-name "AP 275"

 

AP "AP 275" Port Status (updated every 60 seconds)

--------------------------------------------------

Port  MAC                Type  Forward Mode  Admin    Oper  Speed   Duplex  802.3az   PoE  STP  TX-Packets  TX-Bytes    RX-Packets  RX-Bytes

----  ---                ----  ------------  -----    ----  -----   ------  -------   ---  ---  ----------  --------    ----------  --------

0     94:b4:0f:cb:03:06  GE    N/A           enabled  up    1 Gb/s  full    disabled  N/A  N/A  154633588   3727293658  317742748   3306051752

1     94:b4:0f:cb:03:07  GE    tunnel        enabled  down  N/A     N/A     N/A       N/A  N/A  0           0           0           0

___________________________________________________________________________________

(Controller5) #show arp

Protocol Address Hardware Address Interface
Internet 192.168.1.106 60:BE:B5:03:22:63 vlan6
Internet 192.168.1.124 FC:C2:DE:28:39:26 vlan6
Internet 192.168.25.2 00:1A:1E:14:FA:40 vlan25
Internet 192.168.11.96 00:0B:86:EF:1C:30 vlan7

 

--(Controller5) #show arp vlan 7

 

Protocol        Address         Hardware Address        Interface

Internet        192.168.11.94   00:0B:86:F5:21:22       vlan7

Internet        192.168.11.97   00:0B:86:F5:21:1A       vlan7

 

--(Controller5) #show arp vlan 7 | include 192.168.11.206

Internet        192.168.11.206  E0:B9:A5:F5:CD:9C       vlan7

___________________________________________________________________________________

 

(Controller5) #show switches

 

All Switches

------------

IP Address  Name         Location          Type    Model      Version        Status  Configuration State  Config Sync Time (sec)  Config ID

----------  ----         --------          ----    -----      -------        ------  -------------------  ----------------------  ---------

10.1.1.1    Controller5  Building1.floor1  master  Aruba3200  6.4.3.3_50954  up      UPDATE SUCCESSFUL    0                       39

___________________________________________________________________________________

 

(Controller5) #show auth-tracebuf

Auth Trace Buffer

-----------------

Oct  7 08:37:09  eap-tlv-rslt-success  <-  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60/dot1x_prof-ylc11  -  43

Oct  7 08:37:09  eap-tlv-rslt-success  ->  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60                   -  2

Oct  7 08:37:09  eap-success           <-  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60/dot1x_prof-ylc11  -  4

Oct  7 08:37:09  wpa2-key1             <-  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60                   -  117

Oct  7 08:37:09  wpa2-key2             ->  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60                   -  117

Oct  7 08:37:09  wpa2-key3             <-  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60                   -  151

Oct  7 08:37:09  wpa2-key4             ->  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60                   -  95

Oct  7 08:37:23  station-down           *  78:fd:94:29:61:9e  94:b4:0f:30:30:63                   -  -

Oct  7 08:37:23  station-up             *  78:fd:94:29:61:9e  94:b4:0f:30:30:75                   -  -    wpa2 psk aes

 

(Controller5) #show auth-tracebuf | include e0:b9:a5:f5:cd:9c count 10

Auth Trace Buffer

-----------------

Oct  8 23:38:48  mschap-response       <-  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60/Internal          -  -    jamie.easley

Oct  8 23:38:48  eap-mschap-success    <-  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60/dot1x_prof-ylc11  -  83

Oct  8 23:38:48  eap-mschap-success-ack->  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60/dot1x_prof-ylc11  -  -

Oct  8 23:38:48  eap-tlv-rslt-success  <-  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60/dot1x_prof-ylc11  -  43

Oct  8 23:38:48  eap-tlv-rslt-success  ->  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60                   -  2

Oct  8 23:38:48  eap-success           <-  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60/dot1x_prof-ylc11  -  4

Oct  8 23:38:48  wpa2-key1             <-  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60                   -  117

Oct  8 23:38:48  wpa2-key2             ->  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60                   -  117

Oct  8 23:38:48  wpa2-key3             <-  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60                   -  151

Oct  8 23:38:48  wpa2-key4             ->  e0:b9:a5:f5:cd:9c  94:b4:0f:30:30:60                   -  95

__________________________________________________________________________________

(Controller5) #show vrrp

 

Virtual Router 50:

    Description primary-master

    Admin State UP, VR State INIT

    IP Address 10.11.50.110, MAC Address 00:00:5e:00:01:32, vlan 50

    Priority 110, Advertisement 1 sec, Preemption Enable Delay 0

    Auth type PASSWORD, Auth data&colon; ********

    tracking type is master-up-time, duration 30 minutes, value 20

    tracked priority 130

___________________________________________________________________________________

 (I like ALL of these)

(Controller5) (config) #logging level debugging user subcat ?

all                     Enable logging of all the sub-categories

captive-portal          Captive portal user logging

client-match            ARM Client match user logging

dot1x                   Dot1x logging

mapc                    IF-MAP Client logging

pan                     Palo Alto Networks Interface logging

radius                  Radius user logging

voice                   Voice user logging

vpn                     VPN logging

__________________________________________________________________________________

 

(Controller5) (config) #logging level debugging ap-debug "AP 275"

(Controller5) #show log ap-debug all

Oct 9 09:49:29 :311009:  <DBUG> |AP AP 275@192.168.11.2 sapd|  sapd_send_log_config: sending log 1005 config msg 1 to 8370

Oct 9 09:49:29 :311009:  <DBUG> |AP AP 275@192.168.11.2 sapd|  sapd_send_log_config: sending log 1005 config msg 1 to 8451

Oct 9 09:49:29 :311009:  <DBUG> |AP AP 275@192.168.11.2 sapd|  sapd_send_log_config: sending log 1005 config msg 1 to 8410

Oct 9 09:49:29 :311009:  <DBUG> |AP AP 275@192.168.11.2 sapd|  sapd_send_log_config: sending log 1005 config msg 1 to 8433

Oct 9 09:49:30 :311009:  <DBUG> |AP AP 275@192.168.11.2 sapd|  sapd_check_lacp: Counter 0

Oct 9 09:49:30 :311009:  <DBUG> |AP AP 275@192.168.11.2 sapd|  power profile: POE-AT

Oct 9 09:49:30 :326001:  <DBUG> |AP AP 275@192.168.11.2 sapd|  AM: spec_construct_amp_msg - MM: No spec devices to send to controller

Oct 9 09:49:30 :326001:  <DBUG> |AP AP 275@192.168.11.2 sapd|  AM: process_eif_packet: Untagged Frame Received 806 806

(config) #no logging level debugging ap-debug "AP 275"

__________________________________________________________________________________

 

(Controller5) #aaa test-server pap internal jamie.easley password

Authentication Successful

(Controller5) #aaa test-server pap internal jamie.easley password1

Authentication failed

___________________________________________________________________________________

 

(Controller5) #apboot ?

all                     Reboot all APs

ap-group                Reboot APs in this group

ap-name                 Reboot AP with this name

ip-addr                 Reboot AP at this IP address

ip6-addr                Reboot AP at this IPv6 address

wired-mac               Reboot AP at this MAC address

___________________________________________________________________________________

 

(Controller5) #show rf arm-profile "default"

Adaptive Radio Management (ARM) profile "default"

-------------------------------------------------

Parameter                                                                    Value

---------                                                                    -----

Assignment                                                                   single-band

Allowed bands for 40MHz channels                                             a-only

80MHz support                                                                Enabled

Client Aware                                                                 Enabled

Max Tx EIRP                                                                  127 dBm

Min Tx EIRP                                                                  3 dBm

Rogue AP Aware                                                               Disabled

Scan Interval                                                                10 sec

Aggressive scanning                                                          true

Active Scan                                                                  Disabled

ARM Over the Air Updates                                                     Enabled

Scanning                                                                     Enabled

Multi Band Scan                                                              Enabled

VoIP Aware Scan                                                              Enabled

Power Save Aware Scan                                                        Disabled  

Video Aware Scan                                                             Enabled

Ideal Coverage Index                                                         10

Acceptable Coverage Index                                                    4

Free Channel Index                                                           25

Backoff Time                                                                 240 sec

Error Rate Threshold                                                         50 %

Error Rate Wait Time                                                         30 sec

Channel Quality Aware Arm                                                    Disabled

Channel Quality Threshold                                                    70 %

Channel Quality Wait Time                                                    120 sec

Minimum Scan Time                                                            8

Load aware Scan Threshold                                                    1250000 Bps

Mode Aware Arm                                                               Disabled

Scan Mode                                                                    all-reg-domain

Cellular handoff assist                                                      Disabled

Client Match                                                                 Enabled

Client Match report interval (sec)                                           30

Allows Client Match to automatically clear unsteerable clients after ageout  Enabled

Client Match Unsteerable Client Ageout Interval                              2 Days 0 Hours

Client Match Band Steer G Band Max Signal (-dBm)                             45

Client Match Band Steer A Band Min Signal (-dBm)                             75

Client Match Sticky Client Check Interval (sec)                              3

Client Match Sticky client check SNR (dB)                                    18

Client Match SNR threshold(dB)                                               10

Client Match Sticky Min Signal                                               65

Client Match Restriction timeout (sec)                                       10

Client Match Load Balancing threshold (%)                                    20

Client Match IOS Steer Backoff interval (sec)                                300

Client Match VBR Stale Entry Age (sec)                                       120

Client Match Max steer failures                                              2

Client Match Load Balancing client threshold                                 30

Client Match Load Balancing SNR threshold (dB)                               30

Client Match Load Balancing signal delta bound (dB)                          5

Client Match 11v BSS Transition Management                                   Enabled

 

(Controller5) #show rf arm-profile "default" | include client

Allows Client Match to automatically clear unsteerable clients after ageout  Enabled

Client Match Sticky client check SNR (dB)                                    18

Client Match Load Balancing client threshold                                 30

___________________________________________________________________________________

 

 

 

CWNA, ACMP, Security +
Search Airheads
Showing results for 
Search instead for 
Did you mean: