CLI Commands

What was that command again when it is all down? config port adminmode all enable :)

Show Authentication Stats
	show radius auth statistics

Packet Capture From WLC
	config ap packet-dump ftp serverip 192.168.0.42 path \ username cisco password cisco
	config ap packet-dump classifier data enable
	config ap packet-dump start 00:00:00:00:00:00

	Will stop after 10 minutes otherwise use config ap packet-dump stop

Wired Guest To Anchor Controller
	Assuming there is an anchor controller

	Site Side
	1. Create wired guest vlan on access switch
	2. move access port to wired guest vlan
	3. Add wired guest vlan to switches/trunks going to local wlc trunk port

	Local Controller
	1. Create wired guest interface
		a. Check guest lan
		b. Use local wired guest vlan
	2. Create wired guest wlan
		a. Enable it
		b. Ingress interface will be interface previously made
		c. Egress will be management
		d. No security enabled.
	3. Assuming there are already an anchor controller(s) and mobility group(s) created.
		a. Attach mobility anchors to wired guest vlan

	Anchor Controller
	1. Create wired guest wlan
		a. Enable it
		b. No ingress interface
		c. Egress will be exit interface group, probably the one already created for other wireless guests
		d. No security
	2. Assuming from step 3 on local controller mobility groups are already established.
	

Show AP Event Log
	show ap eventlog AP-NAME


Create Interfaces
	config interface create <interface name> <vlan id>
	interface address dynamic-interface <interface name> <interface IP> <mask> <gateway> 
	interface dhcp dynamic-interface <interface name> primary xx.xx.xx.xx secondary xx.xx.xx.xx
	interface vlan <interface name> <vlan id>
	interface port <interface name> <port ID>


Disable Radios
	config 802.11b disable network
	config 802.11a disable network


Get Wireless AP MAC From WLC
	show advanced 802.11a summary
	show advanced 802.11b summary
		
	
Reboot AP
	config ap reset <ap name>


Set Primary Controller For AP
	config ap primary-base <controllername> <ap name> <controller IP>
	
	
WLC Debug Commands
	debug disable-all
	debug mac addr
	debug client
	debug capwap
	debug dhcp
	debug dtls


Redirects AP Console output to WLC session
	debug ap enable AP-NAME < Enables AP Remote Debug
	debug ap command "AP COMMAND" AP-NAME < Run AP command from WLC
	debug ap disable AP-NAME <Shuts off debugging


Packet Capture WLC > FTP
	config ap packet-dump ftp serverip 192.168.0.xx path /cisco username cisco password cisco
	config ap packet-dump classifier data enable
	config ap packet-dump classifier control enable 
	config ap packet-dump classifier management enable 
	config ap packet-dump start client_mac


Converting SSO WLC to N+1 Redundancy

Active WLC
  -Save config
  -Start ping to active WLC
  -Disconnect heartbeat cable
  -Disconnect network cables on secondary wlc
  -Verify active WLC is online
	
Secondary WLC
  -Console into
  -Disable SSO (config mode redundancy disable), reboot WLC
  -Change management address/host name
  -Change interface addresses
  -Reconnect network cable
  -Verify primary is still up and running
  -Verify secondary comes up
  -Add secondary WLC to Prime/Monitoring
  -Upgrade FUS if needed
  -Upgrade software 
  -Config mobility tunnel
  -Check software license
  -Move 1 AP over to HA WLC
  -Test network connectivity

Backup/Restore WLC (2504)

If controller is defaulted and cable from Port 2 to laptop doesn't let you get to the web page, defaults will need to be entered. After basic config go to webpage and download backed up config to controller.


CLI Version

Cisco Controller) >transfer upload mode tftp
(Cisco Controller) >transfer upload datatype config
(Cisco Controller) >transfer upload filename wlcback
(Cisco Controller) >transfer upload path .
(Cisco Controller) >transfer upload serverip 192.168.0.82
(Cisco Controller) >transfer upload start

Mode............................................. TFTP
TFTP Server IP................................... 192.168.0.82
TFTP Path........................................ ./
TFTP Filename.................................... wlcback
Data Type........................................ Config File
Encryption....................................... Disabled

**************************************************
***  WARNING: Config File Encryption Disabled  ***
**************************************************


Are you sure you want to start? (y/N) y
TFTP Config transfer starting.
File transfer operation completed successfully.



(Cisco Controller) >transfer download mode tftp
(Cisco Controller) >transfer download datatype config
(Cisco Controller) >transfer download filename wlcreturn
(Cisco Controller) >transfer download path .
(Cisco Controller) >transfer download serverip 192.168.0.82
(Cisco Controller) >transfer download start

Mode............................................. TFTP
Data Type........................................ Config
TFTP Server IP................................... 192.168.0.82
TFTP Packet Timeout.............................. 6
TFTP Max Retries................................. 10
TFTP Path........................................ ./
TFTP Filename.................................... wlcreturn
Encrypt/Decrypt Flag............................. Disabled

Warning: Downloading configuration will cause the controller to reset...
This may take some time.
Are you sure you want to start? (y/N)

External AP Reminder

If AP is not joining WLC:
This can happen if the Lightweight Access Point was shipped with a mesh image and is in Bridge mode. If the LAP was ordered with mesh software on it, you need to add the LAP to the AP authorization list. Choose Security > AP Policies and add AP to the Authorization List. The AP should then join, download the image from the controller, then register with the WLC in bridge mode. Then you need to change the AP to local mode. The LAP downloads the image, reboots and registers back to the controller in local mode.