Cisco Systems OL-17037-01 manual Using the CLI to Authorize Access Points, Show auth-list

Page 23

Chapter 7 Controlling Lightweight Access Points

Autonomous Access Points Converted to Lightweight Mode

c.From the Certificate Type drop-down box, choose MIC, SSC, or LSC.

d.Click Add. The access point appears in the access point authorization list.

Note To remove an access point from the authorization list, hover your cursor over the blue drop-down arrow for the access point and choose Remove.

Note To search for a specific access point in the authorization list, enter the MAC address of the access point in the Search by MAC field and click Search.

Using the CLI to Authorize Access Points

Using the controller CLI, follow these steps to authorize access points.

Step 1 To configure an access point authorization policy, enter this command:

config auth-list ap-policy {authorize-ap {enable disable} authorize-lsc-ap {enable disable}}

Step 2 To configure an access point to accept manufactured-installed certificates (MICs), self-signed certificates (SSCs), or local significant certificates (LSCs), enter this command:

config auth-list ap-policy {mic ssc lsc {enable disable}}

Step 3 To add an access point to the authorization list, enter this command:

config auth-list add {mic ssc lsc} ap_mac [ap_key]

where ap_key is an optional key hash value equal to 20 bytes or 40 digits.

Note To delete an access point from the authorization list, enter this command: config auth-list delete ap_mac.

Step 4 To view the access point authorization list, enter this command:

show auth-list

Information similar to the following appears:

Authorize

MIC

APs

against

AAA

disabled

Authorize

LSC

APs

against

Auth-List

disabled

Allow APs

with MIC - Manufactured Installed C

enabled

Allow

APs

with

SSC

-

Self-Signed Certificate

enabled

Allow

APs

with

LSC

-

Locally Significant Cert

enabled

Mac Addr

Cert Type

Key Hash

-----------------------

----------

---------------------------------------------

00:12:79:de:65:99

SSC

ca528236137130d37049a5ef3d1983b30ad7e543

00:16:36:91:9a:27

MIC

593f34e7cb151997a28cc7da2a6cac040b329636

 

 

 

 

 

Cisco Wireless LAN Controller Configuration Guide

 

 

 

 

 

 

OL-17037-01

 

 

7-23

 

 

 

 

 

Image 23
Contents Controlling Lightweight Access Points Controller Discovery Process Access Point Communication ProtocolsGuidelines for Using Capwap Page Config network master-base disable Verifying that Access Points Join the ControllerConfig network master-base enable Debugging Capwap Configuring Global Credentials for Access PointsViewing Capwap MTU Information Global Configuration All APs Details for Credentials Show ap summary Save configShow ap config general CiscoAP Lwapp ap dot1x username username password password Configuring Authentication for Access PointsController Using the GUI to Configure Authentication for Access PointsCisco Wireless LAN Controller Configuration Guide Config ap dot1xuser add username user password password all Using the CLI to Configure Authentication for Access PointsAP Dot1x User Mode field shows Customized Config ap dot1xuser disable all CiscoAPConfiguring the Switch for Authentication Embedded Access PointsIp dhcp pool poolname Dns-server ipaddress Default-router ipaddressAutonomous Access Points Converted to Lightweight Mode Using a Controller to Return to a Previous Release Reverting from Lightweight Mode to Autonomous ModeAuthorizing Access Points Using MICs Authorizing Access PointsAuthorizing Access Points Using SSCs Using the GUI to Configure LSC Authorizing Access Points Using LSCsConfig certificate lsc other-params keysize Config certificate lsc enable disableConfig certificate lsc ca-server http//urlport/path Config certificate lsc ca-cert add deleteShow certificate lsc summary Config certificate lsc ap-provision auth-list add APmacaddrConfig certificate lsc ap-provision revert-cert retries Show certificate lsc ap-provision Using the GUI to Authorize Access PointsShow auth-list Using the CLI to Authorize Access PointsConfig auth-list ap-policy mic ssc lsc enable disable Config auth-list add mic ssc lsc apmac apkeyTroubleshooting the Access Point Join Process Using Dhcp Option 43 and Dhcp OptionControlling Lightweight Access Points Show ap join stats summary all Configuring the Syslog Server for Access PointsViewing Access Point Join Information Show ap config globalJoined Debug ap enable disable command cmd CiscoAP Converted Access Points Send Radio Core Dumps to ControllerShow ap crash-file Using the CLI to Retrieve Radio Core DumpsUsing the GUI to Upload Radio Core Dumps Transfer upload start Using the CLI to Upload Radio Core DumpsUsing the GUI to Upload Access Point Core Dumps Uploading Memory Core Dumps from Converted Access PointsUsing the CLI to Upload Access Point Core Dumps Display of MAC Addresses for Converted Access PointsConfig ap reset-button enable disable ap-nameall Supporting Oversized Access Point ImagesWGB Example Cisco Workgroup BridgesGuidelines for Using WGBs Configure terminal Show dot11 association Sample WGB ConfigurationUsing the GUI to View the Status of Workgroup Bridges 11 Clients Detail 12 WGB Wired Clients Debug dot11 mobile enable Debug dot11 state enable Using the CLI to View the Status of Workgroup BridgesUsing the CLI to Debug WGB Issues Debug dhcp message enable Debug dhcp packet enableConfiguring Backup Controllers 14 Global Configuration Using the GUI to Configure Backup Controllers15 All APs Details for High Availability Using the CLI to Configure Backup Controllers Config advanced timers auth-timeout interval Config advanced timers ap-discovery-timeout interval1300 Configuring Failover Priority for Access Points16 Global Configuration Enabled Using the CLI to View Failover Priority SettingsGuidelines for Configuring Multiple Country Codes Configuring Country CodesUsing the GUI to Configure Country Codes 19 All APs Details for Advanced Show country Using the CLI to Configure Country CodesShow country supported Show country channels Config 802.11a enable network config 802.11b enable network Controlling Lightweight Access Points Show ap migrate Migrating Access Points to the -U Regulatory DomainConfig country J3 Guidelines for MigrationConfig ap migrate j52w52 all apname Dynamic Frequency Selection Using the W56 Band in JapanUsing the GUI to Optimize Rfid Tracking on Access Points Optimizing Rfid Tracking on Access Points20 802.11b/g/n Cisco APs Configure Config 802.11b enable CiscoAP Using the CLI to Optimize Rfid Tracking on Access PointsConfig ap monitor-mode tracking-opt CiscoAP Show ap monitor-mode summary Configuring Probe Request ForwardingConfig advanced probe filter enable disable Config advanced probe limit numprobes intervalInventory 22 All APs Details for Inventory Performing a Link TestUsing the GUI to Perform a Link Test Link Test Using the CLI to Perform a Link Test Configuring Link Latency25 All APs Details for Advanced Using the GUI to Configure Link LatencyConfig ap link-latency enable disable CiscoAP all Using the CLI to Configure Link LatencyConfig ap link-latency reset CiscoAP Configuring Power over EthernetEPoE Power EPoE Mode 15.4 W Optimized 20 W Using the GUI to Configure Power over EthernetCisco Wireless LAN Controller Configuration Guide Config ap power injector enable CiscoAP all override Using the CLI to Configure Power over EthernetConfig ap power injector enable CiscoAP all installed Viewing Clients Configuring Flashing LEDsUsing the GUI to View Clients Debug ap command led flash seconds CiscoAPControlling Lightweight Access Points Viewing Clients 28 Search Clients 29 Clients Detail AP MAC Using the CLI to View ClientsS69 OL-17037-01