CLI Commands Every Engineer Should Know

Not applicable

What version

#show image version


Bounce Users and re-associate

aaa user delete all


AP Commands


AP Status

( #show ap database

AP Database
Name    Group    AP Type  IP Address    Status            Flags  Switch IP
----    -----    -------  ----------    ------            -----  ---------
1.1.1   default  61   Up 29m:6s      
CEO     default  70   Up 3d:6h:36m:42s
LeftAP  default  61  Up 29m:6s      

Flags: U = Unprovisioned; N = Duplicate name; G = No such group; R = Remote AP

Total APs:3


List Physical APs

(Aruba200) # show ap active

Active AP Table
Name    Group    IP Address    11g Clients  11g Ch/Pwr  11a Clients  11a Ch/Pwr  AP Type  Flags  Uptime
----    -----    ----------    -----------  ----------  -----------  ----------  -------  -----  ------
1.1.1   default   1            AP:1/11     0                        61              23h:22m:34s
CEO     default   0            AP:1/11     0            AP:40/30    70       A      13h:34m:2s
LeftAP  default  0            AP:11/30    0                        61              23h:22m:34s

Flags: R = Remote AP; P = PPPOE; E = Wired AP enabled; A = Enet1 in active/standby mode;
L = Active Load Balancing Enabled; D = Disconn. Extra Calls On; B = Battery Boost On

Num APs:3


Verify: AP Can’t Connect to Controller

(Aruba200) #show ap debug counters ap-name CEO

AP Counters
Name  Group    IP Address   Configs Sent  Configs Acked  AP Boots Sent  AP Boots Acked  Bootstraps  Reboots
----  -----    ----------   ------------  -------------  -------------  --------------  ----------  -------
CEO   default  60            60             0              0               592         3

Good debug Commands:

'show ap association client-mac' 
'show ap debug client-table ap-name' 
'show ap arm rf-summary ip-addr'  
'show ap monitor ap-list xxxxx'
'sh ap database'
'sh ap active'
'sh user'
"sh ap debug radio-stats apname radio 0(5ghz) radio 1(2.4ghz)"

look at "Channel Busy" - values are in percent (%) (40-60 percent or greater -- channel is saturated)

...when looking at WIPs

Show ap arm scan times ap-name  

verify that the AP/AM has scanned channels, how many times a channel was visited etc.

Show ap monitor scan-info 

scanning info about AMs

Show ap monitor containment-info  

low level containment info from an AP so you can see what the AP is attempting. Has it sent any deauths? Is it trying to tarpit?

Show wms rogue-ap
Show wms monitor-summary
show wms routers  

shows heard wired routers. These will be used for wired detection

show snmp trap-list

provides a full list of snmp traps and if they are enabled. An IDS event needs to be enabled in the IDS profile and the SNMP trap has to be enabled for traps to be sent to airwave

show snmp trap-hosts

provides a list of the IP addresses that will receive the snmp traps. AMP needs to be in that list for AMP to display any IDS events.

wms clean-db followed by reload 

cleandb will clear out the wms db. Reloading the controller will start it up with that clear db. This is very useful when doing lab testing and you want to make sure previous test setup and data isn’t contaimenating current info.

Show mobility-managers 

Show any AMPs that have been configured on the controller

Show log security 20 

show the last 20 security log messages

Web UI Wizard: okay so this isn’t a CLI command but it is by far the easiest way to tell if your APs/controller is configured to run containment or has IDS events turned on

Version history
Revision #:
3 of 3
Last update:
‎08-25-2015 08:42 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: