Cisco Systems OL-17037-01 Configuring Global Credentials for Access Points, Debugging Capwap

Page 5

Chapter 7 Controlling Lightweight Access Points

Configuring Global Credentials for Access Points

Viewing CAPWAP MTU Information

To view the maximum transmission unit (MTU) for the CAPWAP path on the controller, enter this command. The MTU specifies the maximum size of any packet (in bytes) in a transmission.

show ap config general Cisco_AP Information similar to the following appears:

Cisco AP Identifier

9

 

 

Cisco AP Name

Maria-1250

 

Country code

US

- United States

Regulatory

Domain allowed by Country

802.11bg:-A

802.11a:-A

AP Country

code

US

- United States

AP Regulatory Domain

802.11bg:-A

802.11a:-A

Switch Port Number

1

 

 

MAC Address

......................................

00:1f:ca:bd:bc:7c

IP Address

Configuration

DHCP

 

 

IP Address

1.100.163.193

 

IP NetMask

255.255.255.0

 

CAPWAP Path MTU

1485

 

 

...

 

 

 

 

Debugging CAPWAP

Use these CLI commands to obtain CAPWAP debug information:

debug capwap events {enable disable}—Enables or disables debugging of CAPWAP events.

debug capwap errors {enable disable}—Enables or disables debugging of CAPWAP errors.

debug capwap detail {enable disable}—Enables or disables debugging of CAPWAP details.

debug capwap info {enable disable}—Enables or disables debugging of CAPWAP information.

debug capwap packet {enable disable}—Enables or disables debugging of CAPWAP packets.

debug capwap payload {enable disable}—Enables or disables debugging of CAPWAP payloads.

debug capwap hexdump {enable disable}—Enables or disables debugging of the CAPWAP hexadecimal dump.

Configuring Global Credentials for Access Points

Cisco IOS access points are shipped from the factory with Cisco as the default enable password. This password allows users to log into the non-privileged mode and execute show and debug commands, posing a security threat. The default enable password must be changed to prevent unauthorized access and to enable users to execute configuration commands from the access point’s console port.

In controller software releases prior to 5.0, you can set the access point enable password only for access points that are currently connected to the controller. In controller software release 5.0 or later, you can set a global username, password, and enable password that all access points inherit as they join the controller. This includes all access points that are currently joined to the controller and any that join in the future. If desired, you can override the global credentials and assign a unique username, password, and enable password for a specific access point.

Cisco Wireless LAN Controller Configuration Guide

 

OL-17037-01

7-5

 

 

 

Image 5
Contents Controlling Lightweight Access Points Controller Discovery Process Access Point Communication ProtocolsGuidelines for Using Capwap Page Config network master-base disable Verifying that Access Points Join the ControllerConfig network master-base enable Debugging Capwap Configuring Global Credentials for Access PointsViewing Capwap MTU Information Global Configuration All APs Details for Credentials Show ap summary Save configShow ap config general CiscoAP Lwapp ap dot1x username username password password Configuring Authentication for Access PointsController Using the GUI to Configure Authentication for Access PointsCisco Wireless LAN Controller Configuration Guide Config ap dot1xuser add username user password password all Using the CLI to Configure Authentication for Access PointsAP Dot1x User Mode field shows Customized Config ap dot1xuser disable all CiscoAPConfiguring the Switch for Authentication Embedded Access PointsIp dhcp pool poolname Dns-server ipaddress Default-router ipaddressAutonomous Access Points Converted to Lightweight Mode Using a Controller to Return to a Previous Release Reverting from Lightweight Mode to Autonomous ModeAuthorizing Access Points Using MICs Authorizing Access PointsAuthorizing Access Points Using SSCs Using the GUI to Configure LSC Authorizing Access Points Using LSCsConfig certificate lsc ca-server http//urlport/path Config certificate lsc enable disableConfig certificate lsc ca-cert add delete Config certificate lsc other-params keysizeShow certificate lsc summary Config certificate lsc ap-provision auth-list add APmacaddrConfig certificate lsc ap-provision revert-cert retries Show certificate lsc ap-provision Using the GUI to Authorize Access PointsConfig auth-list ap-policy mic ssc lsc enable disable Using the CLI to Authorize Access PointsConfig auth-list add mic ssc lsc apmac apkey Show auth-listTroubleshooting the Access Point Join Process Using Dhcp Option 43 and Dhcp OptionControlling Lightweight Access Points Viewing Access Point Join Information Configuring the Syslog Server for Access PointsShow ap config global Show ap join stats summary allJoined Debug ap enable disable command cmd CiscoAP Converted Access Points Send Radio Core Dumps to ControllerShow ap crash-file Using the CLI to Retrieve Radio Core DumpsUsing the GUI to Upload Radio Core Dumps Transfer upload start Using the CLI to Upload Radio Core DumpsUsing the GUI to Upload Access Point Core Dumps Uploading Memory Core Dumps from Converted Access PointsUsing the CLI to Upload Access Point Core Dumps Display of MAC Addresses for Converted Access PointsConfig ap reset-button enable disable ap-nameall Supporting Oversized Access Point ImagesWGB Example Cisco Workgroup BridgesGuidelines for Using WGBs Configure terminal Show dot11 association Sample WGB ConfigurationUsing the GUI to View the Status of Workgroup Bridges 11 Clients Detail 12 WGB Wired Clients Using the CLI to Debug WGB Issues Using the CLI to View the Status of Workgroup BridgesDebug dhcp message enable Debug dhcp packet enable Debug dot11 mobile enable Debug dot11 state enableConfiguring Backup Controllers 14 Global Configuration Using the GUI to Configure Backup Controllers15 All APs Details for High Availability Using the CLI to Configure Backup Controllers Config advanced timers auth-timeout interval Config advanced timers ap-discovery-timeout interval1300 Configuring Failover Priority for Access Points16 Global Configuration Enabled Using the CLI to View Failover Priority SettingsGuidelines for Configuring Multiple Country Codes Configuring Country CodesUsing the GUI to Configure Country Codes 19 All APs Details for Advanced Show country Using the CLI to Configure Country CodesShow country supported Show country channels Config 802.11a enable network config 802.11b enable network Controlling Lightweight Access Points Config country J3 Migrating Access Points to the -U Regulatory DomainGuidelines for Migration Show ap migrateConfig ap migrate j52w52 all apname Dynamic Frequency Selection Using the W56 Band in JapanUsing the GUI to Optimize Rfid Tracking on Access Points Optimizing Rfid Tracking on Access Points20 802.11b/g/n Cisco APs Configure Config 802.11b enable CiscoAP Using the CLI to Optimize Rfid Tracking on Access PointsConfig ap monitor-mode tracking-opt CiscoAP Config advanced probe filter enable disable Configuring Probe Request ForwardingConfig advanced probe limit numprobes interval Show ap monitor-mode summaryInventory 22 All APs Details for Inventory Performing a Link TestUsing the GUI to Perform a Link Test Link Test Using the CLI to Perform a Link Test Configuring Link Latency25 All APs Details for Advanced Using the GUI to Configure Link LatencyConfig ap link-latency enable disable CiscoAP all Using the CLI to Configure Link LatencyConfig ap link-latency reset CiscoAP Configuring Power over EthernetEPoE Power EPoE Mode 15.4 W Optimized 20 W Using the GUI to Configure Power over EthernetCisco Wireless LAN Controller Configuration Guide Config ap power injector enable CiscoAP all override Using the CLI to Configure Power over EthernetConfig ap power injector enable CiscoAP all installed Using the GUI to View Clients Configuring Flashing LEDsDebug ap command led flash seconds CiscoAP Viewing ClientsControlling Lightweight Access Points Viewing Clients 28 Search Clients 29 Clients Detail AP MAC Using the CLI to View ClientsS69 OL-17037-01