Aruba AOS vs. Cisco IOS-XE commands
Purpose | Aruba AOS | Cisco IOS XE |
View AP database (see what APs are up/down plus MAC addresses) | show ap database long | show wireless stats ap join summary |
View AP uptime | show ap database long or show ap active | show ap uptime |
View AP BSSIDs | show ap bss-table | show ap wlan summary show ap wlan summary | inc lighthouse.*Enabled show ap wlan summary | inc BSSID|lighthouse show ap wlan summary | sec <AP name> show ap name <ap name> wlan dot11 5ghz (only shows the BSSID MAC, not the name of the WLAN too) |
View active APs with channel & power assignments | show ap active | show ap dot11 5ghz summary |
View ipv4 user table | show ipv4 user-table | show wireless device-tracking database ip show wireless client summary detail |
View ipv6 user table | show ipv6 user-table | show wireless device-tracking database ip show wireless client summary detail |
View AP association table | show ap association | show ap wlan summary |
View what VLAN a client was assigned to | show user ip <user's IP address> | sh wireless client mac <client MAC addr> detail show wireless client summary detail | section <mac addr> |
View recent channel changes for an AP (due to radar, errors, interference reasons, etc) | show ap arm history ap-name <AP's name> | show logging profile wireless module radio-history-channel filter mac <AP mac addr> |
View interference levels on all channels for an AP | show ap arm rf-summary ap-name <AP's name> | show ap name <AP name> auto-rf dot11 5ghz |
View neighboring APs in the area, both APs we manage as well as any other ones in the area | show ap monitor ap-list ap-name <AP's name> | show ap name <AP name> neighbor summary show wireless wps rogue ap list mac-address <AP's mac addr> show ap name <AP name> auto-rf dot11 5ghz |
Rename a newly joined AP via the CLI | ap-rename ap-name <AP's current name><new AP name> | ap name <AP's current name> name <new AP name> |
View recent auth transactions | show auth-tracebuf | show logging profile wireless filter mac <AP's mac addr> but mostly does not exist |
View client table for an AP | show ap debug client-table ap-name <AP's name> | show controllers d0 mostly does not exist |
View RADIUS counters | show aaa authentication-servers radius statistics | show aaa servers |
View switch & port that the AP is connected on | show ap lldp neighbors ap-name <AP's name> | show ap cdp neighbors |
View datapath flows | show datapath session table | IPv4 flows: show flow monitor avc_ipv4_assurance cache format table IPv6 flows: show flow monitor avc_ipv6_assurance cache format table (shows only v4/v6 flows for the SSIDs/WLANs, not the wlc itself) |
Reboot a single AP | apboot ap-name <AP name> | ap name <AP name> reset |
Reboot all AP | apboot all local | ap reset site-tag <site tag> |
See what profiles/tags are applied to APs | show ap-group <AP group> or show ap config <ap-name> | show ap tag summary |
Debug a client | logging user-debug <MAC addr> level debugging | debug wireless mac <xxxx.xxxx.xxxx> to-file harddisk::<filename> (will run for 30 min by default) Afterwards: no debug wireless mac <xxxx.xxxx.xxxx> show logging profile wireless filter mac <xxxx.xxxx.xxxx> to-file harddisk::<filename> Example with additional filters by timeframe: sh logging profile wireless start last 1 hours filter mac f4d4.888d.acb5 to-file harddisk::stevetam-m1-16-mbp |
Debug IP theft | n/a | Enable verbose logging (temporarily) set platform software trace wireless chassis active R0 sisf-all-modules verbose Wait around 15 minutes, then set log level back to notice: set platform software trace wireless chassis active R0 sisf-all-modules notice Collect the archive trace for the past X days request platform software trace archive last 1 day target <filename> |
Debug 802.11r fast roams | show pmk ??? | sh wireless client mac-address 8c86.1ebe.9547 mobility history sh wireless stats mobility sh wireless stats authentication sh wireless stats client detail Not currently possible to manually delete a cached PMK from the wlc/AP |
Deauth / disconnect a client | aaa user delete mac <client mac address> | wireless client mac-address <client mac address> deauthenticate |
Check power supply status | show inventory | show inventory show environment show platform |
Check fan status | ? | show platform |
Check CPU | show cpuload current show datapath utilization | show processes cpu sorted show processes cpu platform sorted |
Clear a down AP from the wlc's AP database | From MM: To clear all down APs: clear gap-db lms lms-ip <wlc's v4 IP address> To clear a specific AP: clear gap-db ap-name <AP's name> or clear gap-db wired-mac <AP's MAC address> | clear ap mac-address <mac-address> join statistics (you'll have to use the Base or Radio MAC address instead of the Ethernet MAC address listed in show ap summary - available in 17.3.2 and newer only) |
Running a packet capture on the wlc | packet-capture destination local-filesystem For a control path capture: packet-capture controlpath <tcp or udp><comma separated list of ports to capture> For a datapath capture for a specific client: packet-capture datapath mac <client mac address> Stop the packet capture after it's done: no packet-capture controlpath <tcp or udp><comma separated list of ports that were captured> or no packet-capture datapath <client mac address> | If filtering by v4 traffic: ip access-list extended CAP-FILTER permit ip host <x.x.x.x> any permit ip any host <x.x.x.x> If filtering by v6 traffic: ipv6 access-list CAP-FILTER permit ipv6 host <x:x:x:x:x:x:x> any permit ipv6 any host <x:x:x:x:x:x:x> monitor capture MYCAP clear monitor capture MYCAP interface Port-channel 1 both monitor capture MYCAP control-plane both monitor capture MYCAP buffer circular size 100 monitor capture MYCAP match any monitor capture MYCAP limit pps 1000000 monitor capture MYCAP access-list CAP-FILTER Or, filter by client MAC instead: monitor capture MYCAP inner mac <CLIENT_MAC> monitor capture MYCAP start DO THE TEST, THEN: monitor capture MYCAP stop SAVE/EXPORT THE CAPTURE TO A FILE ON harddisk: monitor capture MYCAP export harddisk:my-test-packet- |
Restart RRM / Force a run for new channel settings to take effect | n/a | ap dot11 5ghz rrm dca restart |
Validate whether an external antenna is currently connected to a 9130AXE or 9120AXE | n/a | show ap name <AP name> config slot 0 show ap name <AP name> config slot 1 or show ap name <AP name> config dot11 5ghz |
Clear all config & reset the AP to factory defaults via console | interrupt boot sequence, then: factory_reset | capwap ap erase all |
Verify redundancy port state | n/a | Check what kind of SFP is installed (in 17.3 and later): show platform hardware slot R0 ha_port sfp idprom Check the link state of the redundancy port (in 17.5 and later): show platform hardware slot r0 ha_port interface stats Run a test ping on the redundancy port (in 17.5 and later): test wireless redundancy rping |
Check AP temperature | n/a | ssh to the AP directly and run show thermal-control-summary |
See how the APs / site tags are load balanced across the various wncd processors | n/a | show wireless loadbalance ap affinity wncd X |
Use AVC commands to see application traffic stats | n/a | show avc client xxxx.xxxx.xxxx top 10 applications downstream show avc client xxxx.xxxx.xxxx top 10 applications upstream show avc client xxxx.xxxx.xxxx top 10 applications aggregate show avc wlan <WLAN name> top 10 applications downstream show avc wlan <WLAN name> top 10 applications upstream show avc wlan <WLAN name> top 10 applications aggregate show avc wlan lighthouse application <app name, like "zoom-meetings"> top 10 downstream show avc wlan lighthouse application <app name, like "zoom-meetings"> top 10 upstream show avc wlan lighthouse application <app name, like "zoom-meetings"> top 10 aggregate |
Check datapath utilization | n/a | show platform hardware chassis active qfp datapath utilization summary show platform hardware chassis active qfp datapath utilization |
Run a command on an AP from the wlc | n/a | term mon ap name <AP name> remote enable ap name <AP name> remote command "show xxxx" ap name <AP name> remote disable |
Determine what 5 GHz channels are supported by an AP on the wlc in the region/country | n/a | term mon ap name <AP name> remote enable ap name <AP name> remote command "show controllers dot11Radio 1" (look for the output under Allowed Frequency) ap name <AP name> remote disable or, enable ssh for the APs in the ap profile and run the above show controllers dot11Radio 1 commmand |
Show interesting wireless client stats, including IP theft counter | n/a | show wireless stats client detail (can filter on "IP theft") |
Retrieve archive traces | n/a | request platform software trace archive last 1 day target harddisk:<filename> |
Retrieve always on logs for a particular client | n/a | show logging profile wireless start last X hours filter mac xxxx.xxxx.xxxx to-file harddisk:<name of file to save to> |
Check negotiated ethernet speeds (for mGig verification) | n/a | sh ap ethernet statistics |
Clearing ISSU upgrade process if stuck after a failed ISSU upgrade. *Use with caution and preferably afterhours, as this may require reload, and/or unexpected bahavior. | n/a | #config t (config)#service internal (config)exit #clear install state #show issu state detail *to confirm that the previouly stuck ISSU upgrade is now cleared. |
Verify that Primary/Secondary controllers are set for APs on ra-wlcs | n/a | show ap config general | inc Cisco Controller|AP Name |
Check the status of the standby wlc | n/a | show chassis rmi show platform software rif-mgr chassis standby R0 resource-status show redundancy states |
No comments:
Post a Comment