Cisco WLC CLI useful commands
When managing Cisco Wireless LAN Controllers (WLCs), mastering essential configuration commands is crucial for efficient network setup and maintenance. Let’s explore some of the most useful CLI commands for basic WLC configuration.
A. Setting up IP addresses
To configure IP addresses on your Cisco WLC, use the following commands:
config interface address management <ip-address> <netmask> <gateway>
config interface address virtual <ip-address>
These commands allow you to set the management interface IP and the virtual interface IP, respectively.
B. Enabling/disabling interfaces
To enable or disable interfaces on your WLC, use:
config interface enable {management | service-port | virtual}
config interface disable {management | service-port | virtual}
C. Managing radio frequencies
For radio frequency management, utilize these commands:
config 802.11a {enable | disable} network
config 802.11b {enable | disable} network
config 802.11a channel auto
config 802.11b channel auto
These commands allow you to enable/disable 5GHz and 2.4GHz networks, and set automatic channel selection.
D. Configuring SSID and security settings
To set up SSIDs and their security parameters, use:
config wlan create <wlan-id> <profile-name> <ssid-name>
config wlan security wpa akm psk set-key ascii <password> <wlan-id>
config wlan enable <wlan-id>
Here’s a comparison of common WLAN security types:
| Security Type | Encryption | Authentication | Complexity |
|---|---|---|---|
| Open | None | None | Low |
| WPA2-Personal | AES | Pre-shared key | Medium |
| WPA2-Enterprise | AES | 802.1X | High |
These essential configuration commands provide a solid foundation for setting up and managing your Cisco WLC. With these commands at your disposal, you can efficiently configure IP addresses, manage interfaces, control radio frequencies, and set up secure wireless networks. Next, we’ll explore commands for monitoring and troubleshooting your wireless network.
Monitoring and Troubleshooting Commands
Now that we’ve covered essential configuration commands, let’s dive into monitoring and troubleshooting commands for Cisco WLCs. These commands are crucial for maintaining a healthy wireless network and quickly resolving issues.
A. Testing network connectivity
To ensure proper network connectivity, use these commands:
ping <IP_address>: Test basic network reachabilitytraceroute <IP_address>: Trace the path to a destinationshow interface summary: Display a summary of all interfaces
B. Analyzing logs and statistics
Cisco WLCs provide various commands for analyzing logs and statistics:
show traplog: View system trap logsshow msglog: Display message logsshow tech-support: Generate a comprehensive system report
C. Debugging wireless issues
For troubleshooting wireless-specific problems, use:
debug client <MAC_address>: Debug a specific clientdebug dot11 {all | events | packets}: Debug 802.11 operationsdebug mobility handoff: Debug client roaming issues
D. Viewing client information
To gather information about connected clients:
show client summary: Display a summary of all connected clientsshow client detail <MAC_address>: View detailed information for a specific client
E. Checking system status
Monitor overall system health with these commands:
| Command | Description |
|---|---|
show sysinfo | Display system information |
show cpu | View CPU utilization |
show memory | Check memory usage |
show process | List running processes |
These monitoring and troubleshooting commands will help you maintain optimal performance and quickly resolve issues in your Cisco WLC-managed wireless network. Next, we’ll explore security-related commands to ensure your network remains protected.
Security-related Commands
Securing your Cisco Wireless LAN Controller (WLC) is crucial for maintaining a robust and protected network environment. Let’s explore some essential security-related CLI commands that will help you fortify your wireless infrastructure.
A. Managing RADIUS server settings
RADIUS servers play a vital role in authenticating and authorizing wireless clients. Here are some key commands for managing RADIUS server settings:
config radius auth add <server-index> <server-ip> <port> <ascii/hex> <shared-secret>
config radius auth disable <server-index>
config radius auth enable <server-index>
show radius summary
B. Enabling/disabling specific security features
Cisco WLCs offer various security features that can be enabled or disabled based on your network requirements:
| Command | Description |
|---|---|
config wps mfp client enable/disable | Enable/disable Management Frame Protection |
config wps signature enable/disable | Enable/disable Wireless IPS signatures |
config rogue ap valid-client enable/disable | Enable/disable valid client on rogue APs |
C. Implementing rogue AP detection
Rogue access points can pose significant security risks. Use these commands to configure and monitor rogue AP detection:
- Enable rogue AP detection:
config rogue detection enable
