c8:b5:ad:c8:84:ac# show tech-support supplemental show clock Current Time :1970-01-01 08:09:08 c8:b5:ad:c8:84:ac# show alert global Client Alerts ------------- Timestamp Type MAC Address Description Access Point --------- ---- ----------- ----------- ------------ c8:b5:ad:c8:84:ac# show stats global Swarm Global Stats ------------------ Timestamp Clients Frames [Out] (fps) Frames [In] (fps) Throughput [Out] (bps) Throughput [In] (bps) --------- ------- ------------------ ----------------- ---------------------- --------------------- 08:08:41 0 0 0 0 0 08:08:11 0 0 0 0 0 08:07:41 0 0 0 0 0 08:07:11 0 0 0 0 0 08:06:40 0 0 0 0 0 08:06:10 0 0 0 0 0 08:05:40 0 0 0 0 0 08:05:10 0 0 0 0 0 08:04:40 0 0 0 0 0 08:04:09 0 0 0 0 0 08:03:36 0 0 0 0 0 08:03:05 0 0 0 0 0 Access Point Heatmap -------------------- Access Points Utilization Noise Errors ------------- ----------- ----- ------ c8:b5:ad:c8:84:ac good good good Client Heatmap -------------- Clients Signal Speed IP Address ------- ------ ----- ---------- c8:b5:ad:c8:84:ac# show dhcp-allocation ---------------------/etc/dnsmasq.conf-------------------- listen-address=127.0.0.1 addn-hosts=/etc/ld_eth_hosts addn-hosts=/etc/ld_ppp_hosts dhcp-src=172.31.98.1 dhcp-leasefile=/tmp/dnsmasq.leases dhcp-authoritative filterwin2k #magic-vlan { vlan-id=3333 dhcp-range=172.31.98.3,172.31.99.254,255.255.254.0,12h dhcp-option=1,255.255.254.0 dhcp-option=3,172.31.98.1 dhcp-option=6,8.8.8.8 dhcp-option=54,172.31.98.1 } ---------------------/tmp/dnsmasq.leases------------------ c8:b5:ad:c8:84:ac# show ap debug radius-statistics RADIUS Statistics ----------------- Statistics InternalServer ---------- -------------- In Service: Management Auth Not used In Service: SetMeUp-C8:84:AC Not used Accounting Requests 0 Raw Requests 0 PAP Requests 0 CHAP Requests 0 MS-CHAP Requests 0 MS-CHAPv2 Requests 0 Mismatch Response 0 Invalid Secret 0 Access-Accept 0 Access-Reject 0 Accounting-Response 0 Access-Challenge 0 Unknown Response code 0 Timeouts 0 AvgRespTime (ms) 0 Total Requests 0 Total Response 0 Read Error 0 Outstanding Auths 0 Outstanding Requests 0 Acc-RTTS Rq 0 Acc-RTTS Rsp 0 SEQ first/last/free 0/0/0 SEQ total/free 0/0 c8:b5:ad:c8:84:ac# show ap debug radius-statistics termination RADIUS Statistics ----------------- Statistics ---------- In Service: Management Auth In Service: SetMeUp-C8:84:AC Accounting Requests Raw Requests PAP Requests CHAP Requests MS-CHAP Requests MS-CHAPv2 Requests Mismatch Response Invalid Secret Access-Accept Access-Reject Accounting-Response Access-Challenge Unknown Response code Timeouts AvgRespTime (ms) Total Requests Total Response Read Error Outstanding Auths Outstanding Requests Acc-RTTS Rq Acc-RTTS Rsp SEQ first/last/free SEQ total/free c8:b5:ad:c8:84:ac# show ap debug airwave Airwave Server List ------------------- Domain/IP Address Type Mode Config-only Status ----------------- ---- ---- ----------- ------ c8:b5:ad:c8:84:ac# show interface counters bond0 is up, line protocol is up Hardware is Gigabit Ethernet, address is c8:b5:ad:c8:84:ac Speed 100Mb/s, duplex full Received packets 344 Received bytes 25260 Receive dropped 7 Receive errors 0 Receive missed errors 0 Receive overrun errors 0 Receive frame errors 0 Receive CRC errors 0 Receive length errors 0 Transmitted packets 613 Transmitted bytes 32616 Transmitted dropped 0 Transmission errors 0 Lost carrier 0 c8:b5:ad:c8:84:ac# show port status Port Status ----------- Port Type Admin-State Oper-State STP-State ---- ---- ----------- ---------- --------- bond0 GE up up N/A c8:b5:ad:c8:84:ac# show external-captive-portal External Captive Portal ----------------------- Name Server Port Url Auth Text Redirect Url Server Fail Through Disable Auto Whitelist Use HTTPs Server Offload Prevent Frame Overlay In Use Redirect Mode Switch IP ---- ------ ---- --- --------- ------------ ------------------- ---------------------- --------- -------------- --------------------- ------ ------------- --------- default localhost 80 / Authenticated Disable Enable Yes No Disable No Yes No c8:b5:ad:c8:84:ac# show ale config ALE Config ---------- Type Value ---- ----- ale-server ale-report-interval 30 c8:b5:ad:c8:84:ac# show ale status ALE Status ---------- Type Value ---- ----- ale login status False ale login status code ale fail times 0 ale request state Idle ale rssi post request buffered 0 ale free to send count 4 c8:b5:ad:c8:84:ac# show ap debug rfc3576-radius-statistics RADIUS RFC3576 Statistics ------------------------- Statistics InternalServer ---------- -------------- In Service: Management Auth Not used In Service: SetMeUp-C8:84:AC Not used Disconnect Requests 0 Disconnect Accepts 0 Disconnect Rejects 0 No Secret 0 No Session ID 0 Bad Authenticator 0 Invalid Request 0 Packets Dropped 0 Unknown service 0 CoA Requests 0 CoA Accepts 0 CoA Rejects 0 No permission 0 SEQ first/last/free 0/0/0 Packets received from unknown clients ::0 Packets received with unknown request ::0 Total RFC3576 packets Received ::0 c8:b5:ad:c8:84:ac# show ap debug persistent-clients Persistent Clients ------------------ MAC Address ESSID State Expired Update Time Expiration Time ----------- ----- ----- ------- ----------- --------------- c8:b5:ad:c8:84:ac# show ap debug crash-info c8:b5:ad:c8:84:ac# show log l3-mobility c8:b5:ad:c8:84:ac# show clock Current Time :1970-01-01 08:09:11 c8:b5:ad:c8:84:ac# show log papi-handler 1970-01-01 08:02:09 [2356] [init]: Data region not initialized. Retry init later. 1970-01-01 08:02:09 [2356] [init]: TPM not initialized yet. 1970-01-01 08:02:09 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:02:14 [2356] [init]: TPM not initialized yet. 1970-01-01 08:02:14 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:02:19 [2356] [init]: TPM not initialized yet. 1970-01-01 08:02:19 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:02:24 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:02:24 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:02:29 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:02:29 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:02:34 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:02:34 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:02:39 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:02:39 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:02:44 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:02:44 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:02:49 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:02:49 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:02:54 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:02:54 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:02:59 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:02:59 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:03:04 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:03:04 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:03:09 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:03:09 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:03:14 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:03:14 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:03:19 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:03:19 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:03:24 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:03:24 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:03:29 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:03:29 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:03:34 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:03:34 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:03:39 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:03:39 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:03:44 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:03:44 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:03:49 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:03:49 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:03:54 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:03:54 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:03:59 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:03:59 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:04:04 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:04:04 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:04:09 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:04:09 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:04:14 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:04:14 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:04:19 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:04:19 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:04:24 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:04:24 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:04:29 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:04:29 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:04:34 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:04:34 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:04:39 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:04:39 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:04:44 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:04:44 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:04:49 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:04:49 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:04:54 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:04:54 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:04:59 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:04:59 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:05:04 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:05:04 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:05:09 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:05:09 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:05:14 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:05:14 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:05:19 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:05:19 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:05:24 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:05:24 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:05:29 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:05:29 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:05:34 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:05:34 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:05:39 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:05:39 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:05:44 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:05:44 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:05:49 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:05:49 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:05:54 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:05:54 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:05:59 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:05:59 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:06:04 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:06:04 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:06:09 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:06:09 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:06:14 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:06:14 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:06:19 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:06:19 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:06:24 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:06:24 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:06:29 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:06:29 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:06:34 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:06:34 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:06:39 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:06:39 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:06:44 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:06:44 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:06:49 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:06:49 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:06:54 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:06:54 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:06:59 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:06:59 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:07:05 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:07:05 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:07:10 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:07:10 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:07:15 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:07:15 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:07:20 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:07:20 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:07:25 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:07:25 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:07:30 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:07:30 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:07:35 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:07:35 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:07:40 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:07:40 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:07:45 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:07:45 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:07:50 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:07:50 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:07:55 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:07:55 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:08:00 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:08:00 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:08:05 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:08:05 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:08:10 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:08:10 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:08:15 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:08:15 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:08:20 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:08:20 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:08:25 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:08:25 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:08:30 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:08:30 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:08:35 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:08:35 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:08:40 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:08:40 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:08:45 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:08:45 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:08:50 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:08:50 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:08:55 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:08:55 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:09:00 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:09:00 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:09:05 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:09:05 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:09:10 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:09:10 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:09:15 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:09:15 [2356] [init]: Retry dtls init in 5 sec. 1970-01-01 08:09:20 [2356] [init]: Load verify certs failed. -150(ASN date error, current date before) 1970-01-01 08:09:20 [2356] [init]: Retry dtls init in 5 sec. c8:b5:ad:c8:84:ac# show image version Primary Partition :0 Primary Partition Build Time :2017-05-24 19:52:25 AST Primary Partition Build Version :6.5.3.0-6.5.3.0_59775 (Digitally Signed - Production Build) Backup Partition :1 Backup Partition Build Time :2017-05-24 19:52:25 AST Backup Partition Build Version :6.5.3.0-6.5.3.0_59775 (Digitally Signed - Production Build) AP Images Classes ----------------- Class ----- Ursa c8:b5:ad:c8:84:ac# show cluster-security Cluster Security Profile ------------------------ Parameter Value --------- ----- DTLS config Disabled DTLS state Disabled Low assurance devices Allow Reboot required No c8:b5:ad:c8:84:ac# show cluster-security stats Cluster Security Statistics --------------------------- Statistic Name Counts -------------- ------ No resource 0 Dropped messages 0 New connection alloc success/fail/free 0/0/0 New connection establishment success/fail 0/0 Connection lookup fail 0 Connection init attempts 0 Connection renegotiations attempts 0 Connection init request fail 0 Connection response attempts 0 Connection disallow, low assurance pki cert 0 New peers alloc success/fail/freed 0/0/0 Peer init response fail 0 Peer connection slots full 0 Signing module not init/async fail 3/0 Entropy not available 0 Retrieve date-time fail 85 Inits retried 87 Connection timeouts 0 Connection timeouts (inactivity) 0 Connection responses timeouts 0 Handshake fail after retransmit 0 Handshake fail after signing in retries 0 Signing module op attempts/success/fail/busy 0/0/0/0 Socket msgs rx success/fail 0/0 Discovery msg tx success/fail 0/0 Discovery msg rx (allowed) 0 Msg rx on old ports (dropped) 0 Unsecure msg tx success/fail 0/0 Unsecure msg rx allow/drop 0/0 Loopback msg sent to AP's uplink IP 0 c8:b5:ad:c8:84:ac# show cluster-security connections --------------------------------- IDX :Connection Index Flags :I-Initiator, R-Responsder Inactivity :Time remaining till inactivity timeout Re-Neg :Time remaining till Re-negotiation --------------------------------- Cluster Security DTLS Connections --------------------------------- Local IDX Remote IDX State Flags Local Address Peer Address Rx bytes Tx bytes Age Inactivity Re-Neg --------- ---------- ----- ----- ------------- ------------ -------- -------- --- ---------- ------ Total connections count:0 c8:b5:ad:c8:84:ac# show cluster-security connections stats c8:b5:ad:c8:84:ac# show cluster-security peers --------------------------- IDX :Connection Index --------------------------- Cluster Security DTLS Peers --------------------------- Peer Address State Local IDX ------------ ----- --------- Total peers count:0 c8:b5:ad:c8:84:ac# show cluster-security peers stats c8:b5:ad:c8:84:ac# show ap tpm-info Status: Ready vendor: ATML version: 01.02 rev: 42.06 spec: 00.02 errata: 03 TIMEOUT_A: 750 TIMEOUT_B: 2000 TIMEOUT_C: 750 TIMEOUT_D: 750 c8:b5:ad:c8:84:ac# show ap client-match-ssid-table Client Match is disabled:Client match is not configured c8:b5:ad:c8:84:ac# show ap arm scan-times Channel Scan Time ----------------- channel assign-time(ms) scans-attempted scans-rejected scans-deferred dos-scans flags timer-tick ------- --------------- --------------- -------------- -------------- --------- ----- ---------- 34 408000 0 0 0 0 DY 0 36 0 0 0 0 0 DLY 0 38 0 0 0 0 0 DY 0 40 0 0 0 0 0 DUYJ 0 42 0 0 0 0 0 DY 0 44 0 0 0 0 0 DLYM 0 46 0 0 0 0 0 DY 0 48 0 0 0 0 0 DUYJ 0 52 0 0 0 0 0 DLYM 0 56 0 0 0 0 0 DUYJ 0 60 0 0 0 0 0 DLYM 0 64 0 0 0 0 0 DUY 0 100 0 0 0 0 0 DLY 0 104 0 0 0 0 0 DUYJ 0 108 0 0 0 0 0 DLYM 0 112 0 0 0 0 0 DUYJ 0 116 0 0 0 0 0 DLYM 0 120 0 0 0 0 0 DUYJ 0 124 0 0 0 0 0 DLYM 0 128 0 0 0 0 0 DUYJ 0 132 0 0 0 0 0 DLYM 0 136 0 0 0 0 0 DUYJ 0 140 0 0 0 0 0 DLYM 0 144 0 0 0 0 0 DUY 0 149 0 0 0 0 0 DLY 0 153 0 0 0 0 0 DUYJ 0 157 0 0 0 0 0 DLYM 0 161 0 0 0 0 0 DUY 0 165 0 0 0 0 0 D 0 1 0 0 0 0 0 DL 0 2 0 0 0 0 0 DL 0 3 0 0 0 0 0 DL 0 4 0 0 0 0 0 DL 0 5 0 0 0 0 0 DUL 0 6 0 0 0 0 0 DUL 0 7 0 0 0 0 0 DUL 0 8 0 0 0 0 0 DUL 0 9 0 0 0 0 0 DUL 0 10 0 0 0 0 0 DU 0 11 0 0 0 0 0 DU 0 12 0 0 0 0 0 DU 0 13 0 0 0 0 0 DU 0 14 0 0 0 0 0 D 0 Channel Flags: D: All-Reg-Domain Channel, C: Reg-Domain Channel, A: Activity Present, Y: Scan 80MHz, L: Scan Secondary Above, U: Scan Secondary Below, Z: Rare Channel V: Valid, T: Valid 20MHZ Channel, F: Valid 40MHz Channel, P: Valid 40MHZ Channel Pair E: Valid 80/80+80MHz Channel (First 20M), B: Belongs to valid 80/80+80MHz channel G: Valid 160MHz Channel (First 20M), Q: Belongs to valid 160MHz channel O: DOS Channel, K: DOS 40MHz Upper, H: DOS 40MHz Lower, N: Split Channel Scan R: Radar detected in last 30 min, X: DFS required, S: Transmit Allowed J: Unconventional Scan 40MHz Above, M: Unconventional Scan 40MHz Below WIF Channel Scanning State --------------------------- Scan mode channel current-scan-channel last-dos-channel timer-milli-tick next-scan-milli-tick (jitter) scans (Tot:Rej:Eff(%):Last intvl(%)) --------- ------- -------------------- ---------------- ---------------- ----------------------------- ------------------------------------ Default 0 0 0 426000 0 (0) 1:0:100:0 Default 0 0 0 426000 0 (0) 1:0:100:0 c8:b5:ad:c8:84:ac# show ap debug am-config Radio Configuration for wifi0 ----------------------------- Parameter Value --------- ----- Preferred Channel 11 Tx Power 0.0 VHT Enabled 0 Radio Configuration for wifi1 ----------------------------- Parameter Value --------- ----- Preferred Channel 0 Tx Power 12.7 VHT Enabled 0 ARM Configuration for wifi0 ---------------------------- Parameter Value --------- ----- Assignment 0 Client Aware 1 Mode Aware 0 OTA Updates 0 Scanning 1 Scan Interval 10 Rogue AP Aware 0 Max Tx Power (cfg/internal) 12/12 Min Tx Power (cfg/internal) 6/6 Scan Mode reg-domain 40 MHz/80 MHz 1/1 Channel Quality aware/qual thresh/qual wait time 0/40/120 Aggressive scans 0 Frequent scan action 1 Client Match/Upd intvl 0/0 Sticky (Intvl/SNR/SNR thr/Min Sig) 0/0/0/0 Bandsteer (g max sig/a min sig) 0/0 Ideal Coverage Index 10 Acceptable Coverage Index 4 Free Channel Index 25 Backoff Time 240 Intf AP Weight 25 ARM Configuration for wifi1 ---------------------------- Parameter Value --------- atermark 0 Frame Fragmentation Rate High Watermark 0 Frame Fragmentation Rate Low Watermark 0 Frame Low Speed Rate High Watermark 0 Frame Low Speed Rate Low Watermark 0 Frame Non Unicast Rate High Watermark 0 Frame Non Unicast Rate Low Watermark 0 Frame Receive Error Rate High Watermark 0 Frame Receive Error Rate Low Watermark 0 Frame Retry Rate High Watermark 0 Frame Retry Rate Low Watermark 0 Interference Configuration -------------------------- Parameter Value --------- ----- Detect Interference Disable Interference Increase Threshold 0 Interference Increase Timeout 0 Interference Wait Time 0 IDS General Configuration ------------------------- Parameter Value --------- ----- Stats Update Interval 60 Monitored Device Stats Update Interval 60 AP Inactivity Timeout 20 Adhoc AP Inactivity Timeout 5 AP Unseen Timeout 600 Adhoc AP Unseen Timeout 180 STA Inactivity Timeout 120 STA Unseen Timeout 600 Min Potential AP Beacon Rate 25 Min Potential AP Monitor Time 2 Signature Quiet Time 900 Wireless Containment none Debug Wireless Containment Disable Wired Containment Disable Wired Containment of AP's Adj MACs Disable Wired Containment of Suspected L3 Rogue Disable Mobility Manager RTLS Disable AP Event Generation traps-only Send Adhoc Info to Controller Disable WMS Client Monitoring none Packet SNR Threshold 0 Frame Type for RSSI calculation ba pr dlow mgmt ctrl null Max Monitored Devices 1024 Max Unassociated Stations 256 Unclassified AP Updates Disable Unclassified STA Updates Disable Unclassified Device Update Interval 60 Client Detection Mode normal IDS DOS Configuration --------------------- Parameter Value --------- ----- Detect Disconnect Station Attack Disable Disconnect STA Detection Assoc Resp Threshold 5 Disconnect STA Detection Deauth-Disassoc Threshold 8 Disconnect STA Detection Quiet Time 900 Detect AP Flood Attack Disable AP Flood Threshold 50 AP Flood Increase Time 3 AP Flood Quiet Time 900 Detect Client Flood Attack Disable Client Flood Threshold 150 Client Flood Increase Time 3 Client Flood Quiet Time 900 Detect EAP Rate Anomaly Disable EAP Rate Threshold 60 EAP Rate Time Interval 3 EAP Rate Quiet Time 900 Detect CTS Rate Anomaly Disable CTS Rate Threshold 5000 CTS Rate Time Interval 5 CTS Rate Quiet Time 900 Detect RTS Rate Anomaly Disable RTS Rate Threshold 5000 RTS Rate Time Interval 5 RTS Rate Quiet Time 900 Detect Rate Anomalies Disable Detect 802.11n 40MHz Intolerance Disable Client 40MHz Intolerance Quiet Time 900 Detect Omerta Attack Disable Omerta Attack Rate Threshold 10 Omerta Quiet Time 900 Detect FATA-Jack Attack Disable FATA-Jack Quiet Time 900 Detect TKIP Replay Attack Disable TKIP Replay Quiet Time 900 Detect ChopChop Attack Disable ChopChop Quiet Time 900 Detect Invalid Address Combination Disable Invalid Address Combination Quiet Time 900 Detect Malformed Assoc Request Disable Malformed Assoc Request Quiet Time 900 Detect Malformed HT IE Disable Malformed HT IE -Jack Quiet Time 900 Detect Overflow EAPOL Key Disable Overflow EAPOL key Quiet Time 900 Detect Malformed Auth Frame Disable Malformed Auth Frame Quiet Time 900 Detect Overflow IE Disable Overflow IE Quiet Time 900 Detect Malformed Large Duration Disable Malformed Large Duration Quiet Time 900 Detect Block ACK DoS Disable Block ACK DoS Quiet Time 900 Detect Power Save DoS Attack Disable Power Save DoS Threshold 80 Power Save DoS Quiet Time 900 IDS Rate Parameters -------------------- FrameType ChThreshold ChTime ChQuietTime NodeThreshold NodeTime NodeQuietTime --------- ----------- ------ ----------- ------------- -------- ------------- assoc 300 15 900 200 15 900 disassoc 300 15 900 200 15 900 deauth 300 15 900 200 15 900 probe-request 300 15 900 200 15 900 probe-response 300 15 900 200 15 900 auth 300 15 900 200 15 900 IDS Impersonation Configuration ------------------------------- Parameter Value --------- ----- Detect AP Impersonation Disable Protect from AP Impersonation Disable Beacon Diff Threshold 50 Beacon Increase Wait Time 3 Detect AP Spoofing Disable AP Spoofing Quiet Time 900 Detect Beacon on Wrong Channel Disable Beacon on Wrong Channel Quiet Time 900 Detect Hotspotter Attack Disable Hotspotter Quiet Time 900 IDS Unauthorized Device Profile Configuration --------------------------------------------- Parameter Value --------- ----- Detect Adhoc Networks Disable Protect from Adhoc Networks Disable Detect Windows Bridge Disable Protect Windows Bridge Disable Detect Wireless Bridge Disable Wireless Bridge detection Quiet Time 900 Detect Devices with an Invalid MAC OUI Disable MAC OUI detection Quiet Time 900 Rogue AP Classification Enable Overlay Rogue AP Classification Disable OUI-based Rogue AP Classification Disable Propagated Wired MAC based Rogue AP Classification Disable Rogue Containment Disable Suspected Rogue Containment Disable Suspect Rogue Confidence Level 100 Allow Well Known MACs Protect Valid Stations Disable Detect Bad WEP Disable Detect Misconfigured AP Disable Protect Misconfigured AP Disable Protect SSID Disable Privacy Disable Require WPA Disable Detect Unencrypted Valid Clients Disable Unencrypted Valid Clients Quiet Time 900 Protect 802.11n High Throughput Devices Disable Protect 802.11n High Throughput 40MHz Devices Disable Detect 802.11n Greenfield Activity Disable Detect Adhoc Using Valid SSID Disable Adhoc Using Valid SSID Quiet Time 900 Detect Valid Client Misassociation Disable Detect STA Assoc To Rogue Disable Detect Wireless Hosted Network Disable Wireless Hosted Network Quiet Time 0 Protect From Wireless Hosted Network Disable Valid 802.11b channel Valid 802.11a channel Config Wired MAC Table ----------------------- mac --- Valid OUIs ----------- OUI --- Valid and Protected SSIDs -------------------------- SSID ---- c8:b5:ad:c8:84:ac# show ids aps Unknown Access Points Detected ------------------------------ MAC Address Network Classification Reclassified Chan. Type Last Seen ----------- ------- -------------- ------------ ----- ---- --------- Total:0 c8:b5:ad:c8:84:ac# show ids clients Unknown Clients Detected ------------------------ MAC Address Network Classification Reclassified Chan. Type Last Seen ----------- ------- -------------- ------------ ----- ---- --------- Total:0 c8:b5:ad:c8:84:ac# show ids-detection config infrastructure detection level :off --------------------------------------------------- Policies Status Low Medium High -------- ------ --- ------ ---- detect-ap-spoofing disable enable enable enable detect-windows-bridge disable enable enable enable signature-deauth-broadcast disable enable enable enable signature-deassociation-broadcast disable enable enable enable detect-adhoc-using-valid-ssid disable disable enable enable detect-malformed-large-duration disable disable enable enable detect-ap-impersonation disable disable disable enable detect-adhoc-network disable disable disable enable detect-valid-ssid-misuse disable disable disable enable detect-wireless-bridge disable disable disable enable detect-ht-40mhz-intolerance disable disable disable enable detect-ht-greenfield disable disable disable enable detect-ap-flood disable disable disable enable detect-client-flood disable disable disable enable detect-bad-wep disable disable disable enable detect-cts-rate-anomaly disable disable disable enable detect-rts-rate-anomaly disable disable disable enable detect-invalid-addresscombination disable disable disable enable detect-malformed-htie disable disable disable enable detect-malformed-assoc-req disable disable disable enable detect-malformed-frame-auth disable disable disable enable detect-overflow-ie disable disable disable enable detect-overflow-eapol-key disable disable disable enable detect-beacon-wrong-channel disable disable disable enable detect-invalid-mac-oui disable disable disable enable client detection level :off --------------------------------------------------- Policies Status Low Medium High -------- ------ --- ------ ---- detect-valid-clientmisassociation disable enable enable enable detect-disconnect-sta disable disable enable enable detect-omerta-attack disable disable enable enable detect-fatajack disable disable enable enable detect-block-ack-attack disable disable enable enable detect-hotspotter-attack disable disable enable enable detect-unencrypted-valid disable disable enable enable detect-power-save-dos-attack disable disable enable enable detect-eap-rate-anomaly disable disable disable enable detect-rate-anomalies disable disable disable enable detect-chopchop-attack disable disable disable enable detect-tkip-replay-attack disable disable disable enable signature-airjack disable disable disable enable signature-asleap disable disable disable enable c8:b5:ad:c8:84:ac# show ids-protection config Wireless Containment :none Wired Containment :off Wired Containment AP Adjacent MAC :off Wired Containment Suspect Layer3 Rogue :off infrastructure protection level :off --------------------------------------------------- Policies Status Low High -------- ------ --- ---- protect-ssid disable enable enable rogue-containment disable enable enable protect-adhoc-network disable disable enable protect-ap-impersonation disable disable enable client protection level :off --------------------------------------------------- Policies Status Low High -------- ------ --- ---- protect-valid-sta disable enable enable protect-windows-bridge disable disable enable Wireless Containment Default :none Wired Containment Default :off Wired Containment AP Adjacent MAC Default :off Wired Containment Suspect Layer3 Rogue Default :off c8:b5:ad:c8:84:ac# show ap monitor sta-list Monitored Client Table ---------------------- mac bssid essid channel sta-type auth phy-type dt/mt ut/it snr rssi cl-delay --- ----- ----- ------- -------- ---- -------- ----- ----- --- ---- -------- Start:0 Length:0 Total:0 c8:b5:ad:c8:84:ac# show ap monitor status AP Info ------- key value --- ----- Uptime 449 AP Name c8:b5:ad:c8:84:ac LMS IP 0.0.0.0 Master IP 0.0.0.0 AP Type 365 Country Code 30 Wired Interface ---------------- mac ip gw-ip gw-mac status pkts macs gw-macs dot1q-pkts vlans --- -- ----- ------ ------ ---- ---- ------- ---------- ----- c8:b5:ad:c8:84:ac 192.168.3.2 192.168.3.1 b0:00:b4:ff:61:c0 enable 4 3 c8:b5:ad:c8:84:ac# c8:b5:ad:c8:84:ac#