| Purpose | Aruba AOS | Cisco IOS XE |
|---|---|---|
| View AP database (see what APs are up/down plus MAC addresses) | show ap database long | show wireless stats ap join summary |
| View AP uptime | show ap database long or show ap active | show ap uptime |
| View AP BSSIDs | show ap bss-table | show ap wlan summary show ap wlan summary | inc lighthouse.*Enabled show ap wlan summary | inc BSSID|lighthouse show ap wlan summary | sec <AP name> show ap name <ap name> wlan dot11 5ghz (only shows the BSSID MAC, not the name of the WLAN too) |
| View active APs with channel & power assignments | show ap active | show ap dot11 5ghz summary |
| View ipv4 user table | show ipv4 user-table | show wireless device-tracking database ip show wireless client summary detail show wireless client summary | i <ap> |
| View ipv6 user table | show ipv6 user-table | show wireless device-tracking database ip show wireless client summary detail show wireless client summary | i <ap> |
| View AP association table | show ap association | show ap wlan summary |
| View what VLAN a client was assigned to also verify the signal streangth and noise ration | show user ip <user's IP address> | sh wireless client mac <client MAC addr> detail show wireless client summary detail | section <mac addr> |
| View recent channel changes for an AP (due to radar, errors, interference reasons, etc) | show ap arm history ap-name <AP's name> | show logging profile wireless module radio-history-channel filter mac <AP mac addr> |
| View interference levels on all channels for an AP | show ap arm rf-summary ap-name <AP's name> | show ap name <AP name> auto-rf dot11 5ghz |
| View neighboring APs in the area, both APs we manage as well as any other ones in the area | show ap monitor ap-list ap-name <AP's name> | show ap name <AP name> neighbor summary show wireless wps rogue ap list mac-address <AP's mac addr> show ap name <AP name> auto-rf dot11 5ghz |
| Rename a newly joined AP via the CLI | ap-rename ap-name <AP's current name><new AP name> | ap name <AP's current name> name <new AP name> |
| View recent auth transcations | show auth-tracebuf | show logging profile wireless filter mac <AP's mac addr> but mostly does not exist |
| View client table for an AP | show ap debug client-table ap-name <AP's name> | show controllers d0 mostly does not exist |
| View RADIUS counters | show aaa authentication-servers radius statistics | show aaa servers |
| View switch & port that the AP is connected on | show ap lldp neighbors ap-name <AP's name> | show ap cdp neighbors |
| View datapath flows | show datapath session table | IPv4 flows: show flow monitor avc_ipv4_assurance cache format table IPv6 flows: show flow monitor avc_ipv6_assurance cache format table (shows only v4/v6 flows for the SSIDs/WLANs, not the wlc itself) |
| Reboot a single AP | apboot ap-name <AP name> | ap name <AP name> reset |
| Reboot all AP | apboot all local | ap reset site-tag <site tag> |
| See what profiles/tags are applied to APs | show ap-group <AP group> or show ap config <ap-name> | show ap tag summary |
| Debug a client | logging user-debug <MAC addr> level debugging | debug wireless mac <xxxx.xxxx.xxxx> to-file flash:<filename> (will run for 30 min by default) Afterwards: no debug wireless mac <xxxx.xxxx.xxxx> show logging profile wireless filter mac <xxxx.xxxx.xxxx> to-file flash:<filename> Example with additional filters by timeframe: sh logging profile wireless start last 1 hours filter mac f4d4.888d.acb5 to-file flash:stevetam-m1-16-mbp |
| Debug 802.11r fast roams | show pmk ??? | sh wireless client mac-address 8c86.1ebe.9547 mobility history sh wireless stats mobility sh wireless stats authentication sh wireless stats client detail Not currently possible to manually delete a cached PMK from the wlc/AP |
| Deauth / disconnect a client | aaa user delete mac <client mac address> | wireless client mac-address <client mac address> deauthenticate |
| Check power supply status | show inventory | show inventory show environment show platform |
| Check fan status | ? | show platform |
| Check CPU | show cpuload current show datapath utilization | show processes cpu sorted show processes cpu platform sorted |
| Clear a down AP from the wlc's AP database | From MM: To clear all down APs: clear gap-db lms lms-ip <wlc's v4 IP address> To clear a specific AP: clear gap-db ap-name <AP's name> or clear gap-db wired-mac <AP's MAC address> | clear ap mac-address <mac-address> join statistics (you'll have to use the Base or Radio MAC address instead of the Ethernet MAC address listed in show ap summary - available in 17.3.2 and newer only) |
| Running a packet capture on the wlc | packet-capture destination local-filesystem For a control path capture: packet-capture controlpath <tcp or udp><comma separated list of ports to capture> For a datapath capture for a specific client: packet-capture datapath mac <client mac address> Stop the packet capture after it's done: no packet-capture controlpath <tcp or udp><comma separated list of ports that were captured> or no packet-capture datapath <client mac address> | If filtering by v4 traffic: ip access-list extended CAP-FILTER permit ip host <x.x.x.x> any permit ip any host <x.x.x.x> If filtering by v6 traffic: ipv6 access-list CAP-FILTER permit ipv6 host <x:x:x:x:x:x:x> any permit ipv6 any host <x:x:x:x:x:x:x> monitor capture MYCAP clear monitor capture MYCAP interface Port-channel 1 both monitor capture MYCAP control-plane both monitor capture MYCAP buffer circular size 100 monitor capture MYCAP match any monitor capture MYCAP limit pps 1000000 monitor capture MYCAP access-list CAP-FILTER Or, filter by client MAC instead: monitor capture MYCAP inner mac <CLIENT_MAC> monitor capture MYCAP start DO THE TEST, THEN: monitor capture MYCAP stop SAVE/EXPORT THE CAPTURE TO A FILE ON FLASH: monitor capture MYCAP export bootflash:my-test-packet-capture.pcap |
| Restart RRM / Force a run for new channel settings to take effect | n/a | ap dot11 5ghz rrm dca restart |
| Validate whether an external antenna is currently connected to a 9130AXE or 9120AXE | n/a | show ap name <AP name> config slot 0 show ap name <AP name> config slot 1 or show ap name <AP name> config dot11 5ghz |
| Clear all config & reset the AP to factory defaults via console | interrupt boot sequence, then: factory_reset | capwap ap erase all |
| Verify redundancy port state | n/a | Check what kind of SFP is installed (in 17.3 and later): show platform hardware slot R0 ha_port sfp idprom Check the link state of the redundancy port (in 17.5 and later): show platform hardware slot r0 ha_port interface stats Run a test ping on the redundancy port (in 17.5 and later): test wireless redundancy rping |
| Check AP temperature | n/a | ssh to the AP directly and run show thermal-control-summary |
| See how the APs / site tags are load balanced across the various wncd processors | n/a | show wireless loadbalance ap affinity wncd X |
| Use AVC commands to see application traffic stats | n/a | show avc client xxxx.xxxx.xxxx top 10 applications downstream show avc client xxxx.xxxx.xxxx top 10 applications upstream show avc client xxxx.xxxx.xxxx top 10 applications aggregate show avc wlan <WLAN name> top 10 applications downstream show avc wlan <WLAN name> top 10 applications upstream show avc wlan <WLAN name> top 10 applications aggregate show avc wlan lighthouse application <app name, like "zoom-meetings"> top 10 downstream show avc wlan lighthouse application <app name, like "zoom-meetings"> top 10 upstream show avc wlan lighthouse application <app name, like "zoom-meetings"> top 10 aggregate |
| Check datapath utilization | n/a | show platform hardware chassis active qfp datapath utilization summary show platform hardware chassis active qfp datapath utilization |
| Run a command on an AP from the wlc | n/a | term mon ap name <AP name> remote enable ap name <AP name> remote command "show xxxx" ap name <AP name> remote disable |
| Determine what 5 GHz channels are supported by an AP on the wlc in the region/country | n/a | term mon ap name <AP name> remote enable ap name <AP name> remote command "show controllers dot11Radio 1" (look for the output under Allowed Frequency) ap name <AP name> remote disable or, enable ssh for the APs in the ap profile and run the above show controllers dot11Radio 1 commmand |
| Show interesting wireless client stats, including IP theft counter | n/a | show wireless stats client detail (can filter on "IP theft") |
| Retrieve archive traces | n/a | request platform software trace archive last 1 day target flash:<filename> |
sh ap name <apname> inventory check ap serial number
Note
Radio Signal Strength Indicator
normal range is -45dBm to -87dBm
Signal to Noise Ratio : 44 dB
25 dB to 40 dB: is deemed to be good. 41 dB or higher: is considered to be excellent.
No comments:
Post a Comment