Table of Contents
CLI Commands
What was that command again when it is all down? config port adminmode all enable :) Show Authentication Stats show radius auth statistics Packet Capture From WLC config ap packet-dump ftp serverip 192.168.0.42 path \ username cisco password cisco config ap packet-dump classifier data enable config ap packet-dump start 00:00:00:00:00:00 Will stop after 10 minutes otherwise use config ap packet-dump stop Wired Guest To Anchor Controller Assuming there is an anchor controller Site Side 1. Create wired guest vlan on access switch 2. move access port to wired guest vlan 3. Add wired guest vlan to switches/trunks going to local wlc trunk port Local Controller 1. Create wired guest interface a. Check guest lan b. Use local wired guest vlan 2. Create wired guest wlan a. Enable it b. Ingress interface will be interface previously made c. Egress will be management d. No security enabled. 3. Assuming there are already an anchor controller(s) and mobility group(s) created. a. Attach mobility anchors to wired guest vlan Anchor Controller 1. Create wired guest wlan a. Enable it b. No ingress interface c. Egress will be exit interface group, probably the one already created for other wireless guests d. No security 2. Assuming from step 3 on local controller mobility groups are already established. Show AP Event Log show ap eventlog AP-NAME Create Interfaces config interface create <interface name> <vlan id> interface address dynamic-interface <interface name> <interface IP> <mask> <gateway> interface dhcp dynamic-interface <interface name> primary xx.xx.xx.xx secondary xx.xx.xx.xx interface vlan <interface name> <vlan id> interface port <interface name> <port ID> Disable Radios config 802.11b disable network config 802.11a disable network Get Wireless AP MAC From WLC show advanced 802.11a summary show advanced 802.11b summary Reboot AP config ap reset <ap name> Set Primary Controller For AP config ap primary-base <controllername> <ap name> <controller IP> WLC Debug Commands debug disable-all debug mac addr debug client debug capwap debug dhcp debug dtls Redirects AP Console output to WLC session debug ap enable AP-NAME < Enables AP Remote Debug debug ap command "AP COMMAND" AP-NAME < Run AP command from WLC debug ap disable AP-NAME <Shuts off debugging Packet Capture WLC > FTP config ap packet-dump ftp serverip 192.168.0.xx path /cisco username cisco password cisco config ap packet-dump classifier data enable config ap packet-dump classifier control enable config ap packet-dump classifier management enable config ap packet-dump start client_mac
Converting SSO WLC to N+1 Redundancy
Active WLC -Save config -Start ping to active WLC -Disconnect heartbeat cable -Disconnect network cables on secondary wlc -Verify active WLC is online Secondary WLC -Console into -Disable SSO (config mode redundancy disable), reboot WLC -Change management address/host name -Change interface addresses -Reconnect network cable -Verify primary is still up and running -Verify secondary comes up -Add secondary WLC to Prime/Monitoring -Upgrade FUS if needed -Upgrade software -Config mobility tunnel -Check software license -Move 1 AP over to HA WLC -Test network connectivity
Backup/Restore WLC (2504)
If controller is defaulted and cable from Port 2 to laptop doesn't let you get to the web page, defaults will need to be entered. After basic config go to webpage and download backed up config to controller. CLI Version Cisco Controller) >transfer upload mode tftp (Cisco Controller) >transfer upload datatype config (Cisco Controller) >transfer upload filename wlcback (Cisco Controller) >transfer upload path . (Cisco Controller) >transfer upload serverip 192.168.0.82 (Cisco Controller) >transfer upload start Mode............................................. TFTP TFTP Server IP................................... 192.168.0.82 TFTP Path........................................ ./ TFTP Filename.................................... wlcback Data Type........................................ Config File Encryption....................................... Disabled ************************************************** *** WARNING: Config File Encryption Disabled *** ************************************************** Are you sure you want to start? (y/N) y TFTP Config transfer starting. File transfer operation completed successfully. (Cisco Controller) >transfer download mode tftp (Cisco Controller) >transfer download datatype config (Cisco Controller) >transfer download filename wlcreturn (Cisco Controller) >transfer download path . (Cisco Controller) >transfer download serverip 192.168.0.82 (Cisco Controller) >transfer download start Mode............................................. TFTP Data Type........................................ Config TFTP Server IP................................... 192.168.0.82 TFTP Packet Timeout.............................. 6 TFTP Max Retries................................. 10 TFTP Path........................................ ./ TFTP Filename.................................... wlcreturn Encrypt/Decrypt Flag............................. Disabled Warning: Downloading configuration will cause the controller to reset... This may take some time. Are you sure you want to start? (y/N)
External AP Reminder
If AP is not joining WLC: This can happen if the Lightweight Access Point was shipped with a mesh image and is in Bridge mode. If the LAP was ordered with mesh software on it, you need to add the LAP to the AP authorization list. Choose Security > AP Policies and add AP to the Authorization List. The AP should then join, download the image from the controller, then register with the WLC in bridge mode. Then you need to change the AP to local mode. The LAP downloads the image, reboots and registers back to the controller in local mode.