Cisco Wireless Cheat Sheet

These little findings and hard to remember commands that just might make your day

Controller based AP

Enable  “conf t” on a lightweight AP

debug capwap console cli

Stop AP from reloading when it can’t reach a controller

debug lwapp client no-reload

Point AP to controller using ip helper in the switch

In troubleshooting and special cases you can trick the AP to join a controller using IP helped in switch hosting the layer 3 interface. It can coexist with an IP helper for DHCP. Just add both the WLC and DHCP server IP address for IP helper.

ip forward-protocol udp 5246
int vlan xxx
ip helper-address <controller ip> <DHCP server 1> <DHCP server 2>

Unified WLC

Recalculate the entire channel plan

config advanced 802.11a channel update
config advanced 802.11g channel update

Non Cisco Workgroup Bridge

– Disable the Aeronet IE under advanced (SSID) configuration.

– Config network ip-mac-binding disable

– Extend  session timeout

– Use the passive client

SNMP V3 checklist

  • Password must be 12 caracters or more
  • Contain uppercase, lowercase and numbers
  • If “ADD controller” failes on CPI remove the controller and try again. Don’t try to edit the setting
  • Run “tcpdump host <controller-ip>” from root commandline to debug SNMP errors

CSR generation and installation for local webauth (LWA)

openssl>req -new -newkey rsa:2048 -nodes -keyout mykey.pem -out myreq.pem

Send myreq.pem to CA provider.

Copy the returned certificat + provider  intermediate and root certifikat in to a file called  “CA.pem”

openssl>pkcs12 -export -in CA.pem -inkey mykey.pem -out CA.p12 -clcerts -passin pass:check123 -passout pass:check123
openssl>pkcs12 -in CA.p12 -out final.pem -passin pass:check123 -passout pass:check123

Install final.pem on controller

Cisco Prime Infrastructure

Status, Stop og start applikation

show application status nfs
ncs stop
ncs start

Converged Access

Deauth en wireless klient

wireless client mac-address <mac> deauthenticate

Leave a Reply