Tags
In this post we will see how to learn CLI commands to configure a WLAN. I have created a WLAN called “Test-15” with wlan-id 15. Here are the default settings once you create a WLAN.
Here are the CLI commands generated by this basic WLAN creation. Once you take a back up of the WLC configuration you can derive this.
config wlan create 15 Test-15 Test-15 config wlan interface 15 management config wlan broadcast-ssid enable 15 config wlan security wpa enable 15 config wlan wmm allow 15 config wlan session-timeout 15 1800 config wlan exclusionlist 15 60 config wlan mfp client enable 15
As you can see all the CLI commands start with “config wlan” & as long as you master the “config wlan” CLI commands you should be able to configure any WLAN specific features via CLI. Here is the full list
(WLC2) >config wlan ? 7920-support Configures support for phones. IPv6Support Configures IPv6 support on a WLAN. aaa-override Configures user policy override via AAA on a WLAN. acl Specify a per-WLAN ACL apgroup Manage AP Groups VLAN feature. band-select Allow|Disallow Band Select on a WLAN. broadcast-ssid Configures SSID Broadcast on a WLAN. call-snoop Configures Call Snooping. ccx Configure Cisco Client Extension options. channel-scan Configures off channel scanning deferral parameters. chd Enable/Disable CHD per WLAN create Creates a WLAN. custom-web Configures the Web Authentication Page per Profile. delete Deletes a WLAN. dhcp_server Configures the WLAN's DHCP Server. diag-channel Configures Diagnostics Channel Capability on a WLAN. disable Disables a WLAN. dtim Configures the DTIM Period for a WLAN enable Enables a WLAN. exclusionlist Configures Exclusion-list timeout. h-reap Configures H-REAP options for wlan. interface Configures the WLAN's interface. ldap Configures the WLAN's LDAP servers. load-balance Allow|Disallow Load Balance on a WLAN. local-auth Configures Local EAP Authentication. mac-filtering Configures MAC filtering on a WLAN. max-associated-clients Configures maximum no. of client connections on wlan/guest-lan/remote-lan. media-stream Configures Media Stream. mfp Configures Management Frame Protection. mobility Configures the Inter-Switch Mobility Manager multicast Configures the WLAN's multicast parameters. nac Configures NAC on wlan/guest-lan/remote-lan. peer-blocking Configure peer-to-peer blocking on a WLAN. qos Configures Quality of Service policy. radio Configures the Radio Policy. radius_server Configures the WLAN's RADIUS Servers. roamed-voice-client Configure Voice Client Re-Anchor policy security Configures the security policy for a WLAN. session-timeout Configures client timeout. sip-cac Configure SIP CAC Failure policy. static-ip Configures static IP client tunneling support on a WLAN. uapsd Configures UAPSD. webauth-exclude Enable/Disable WebAuth Exclusion wmm Configures WMM (WME).
There are 44 commands… How do you remember this… Let’s break it down to the section corresponds to GUI.
Here is the corresponding CLI for this section.
(WLC2) >config wlan ? create Creates a WLAN. broadcast-ssid Configures SSID Broadcast on a WLAN. interface Configures the WLAN's interface. disable Disables a WLAN. enable Enables a WLAN. delete Deletes a WLAN. radio Configures the Radio Policy. multicast Configures the WLAN's multicast parameters.
Here is the security section related configs
security Configures the security policy for a WLAN. webauth-exclude Enable/Disable WebAuth Exclusion custom-web Configures the Web Authentication Page per Profile. radius_server Configures the WLAN's RADIUS Servers. ldap Configures the WLAN's LDAP servers. local-auth Configures Local EAP Authentication. mac-filtering Configures MAC filtering on a WLAN.
Here is the QoS related configurations
(WLC2) > config wlan ? qos Configures Quality of Service policy. wmm Configures WMM (WME). 7920-support Configures support for phones. media-stream Configures Media Stream. uapsd Configures UAPSD.
Next Advanced Configuration Settings of a WLAN
Here is the CLI commands relevant to this section
(WLC2) > config wlan ? aaa-override Configures user policy override via AAA on a WLAN. chd Enable/Disable CHD per WLAN session-timeout Configures client timeout. ccx Configure Cisco Client Extension options. diag-channel Configures Diagnostics Channel Capability on a WLAN. IPv6Support Configures IPv6 support on a WLAN. acl Specify a per-WLAN ACL peer-blocking Configure peer-to-peer blocking on a WLAN. exclusionlist Configures Exclusion-list timeout. max-associated-clients Configures maximum no. of client connections on wlan/guest-lan/remote-lan. channel-scan Configures off channel scanning deferral parameters. h-reap Configures H-REAP options for wlan. dhcp_server Configures the WLAN's DHCP Server. static-ip Configures static IP client tunneling support on a WLAN. mfp Configures Management Frame Protection. dtim Configures the DTIM Period for a WLAN nac Configures NAC on wlan/guest-lan/remote-lan. load-balance Allow|Disallow Load Balance on a WLAN. band-select Allow|Disallow Band Select on a WLAN. call-snoop Configures Call Snooping. sip-cac Configure SIP CAC Failure policy. roamed-voice-client Configure Voice Client Re-Anchor policy
There are two other places we will configure WLAN features. If you want to configure “Auto Anchor” or “AP Group” you have to use the following CLI commands
mobility Configures the Inter-Switch Mobility Manage apgroup Manage AP Groups VLAN feature.
In next post we will drill in to more detail on each section.
Related Posts
1. Configuring WLAN via CLI – Part 2
2. Configuring WLAN via CLI – Part 3
3. Configuring WLAN via CLI – Part 4
4. Configuring WLAN via CLI – Part 5
5. Configuring WLAN via CLI – Part 6
mrn-cciew 
Thanks for the detailed analysis of your experiences throughout this endeavor…excellent information and guidance! Not sure if you know this little trick as it relates to WLC IOS commands…one can use “debug aaa tacacs enable” on the WLC and when you go to the GUI and offer a configuration, the WLC will output the CLI commands via the debug as one configures the WLC from the GUI.
Hi Robert,
Thank you very very much for this cool trick…. It is really helpful
Regards
Rasika
I have no words to exactly match your contribution here. I have been following you in someway since 2012. I am so thinking always what makes you to do your contributions this much
Hi Subba,
Thank you very much for the kind words
Without thinking too much, I am sharing what I learn about WiFi technology. Over the past 10 years when I look back, even I can’t believe I have done all those sharing.
I have done it with good intention and I am getting the result that (everyone appreciates it and when I need help from the community, I am getting it)
KIT
Rasika
Hi Rasika I was following your post because I’m want to learn use cli I guess it’s important for ccna wireless test. Well the main goal it’s create an Dynamic interface and wlan with WPA WPA2 security, because I’m still working with ACS install.
Well I read this post and the 4 part but I get this error: ERROR: PSK and/or FT-PSK should be configured on WLAN 10
I’m not sure What I’m doing wrong
Hi Rasika I found the mistake this is my configuration lines working:
config wlan security wpa enable 10
ERROR: WLAN 10 is already in the requested state.
config wlan security wpa wpa2 enable 10
ERROR: WLAN 10 is already in the requested state.
config wlan security wpa wpa2 ciphers aes enable 10
config wlan security wpa akm psk enable 10
config wlan security wpa akm psk set-key ascii 1234567890 10
config wlan enable 10
but I was miss this line: config wlan security wpa akm psk enable 10
Now everything is working, I’m still working in mu ACS installation and after configure this I will work with Autonomous AP.
Hi im trying to config a WLC 4402 from the biginning, can someone help me out