WLC CLI Cheatsheet

By Brandon James on 2019-07-30

I'm on the WLC CLI much less often than NXOS or IOS so I haven't really committed all the commands to memory. This reference documents some of the useful things I do or have done in the past on the WLC CLI.

Useful Show Commands

  • Instead of: show command | include, the WLC uses: grep include _regex_ "show command"
    • This is a really useful tool which makes it easy to do things like gather all the joined APs at a site to verify they are in the correct AP group
    • You can also do an inverse match with grep exclude
    • The number of lines matched is reported at the end, this is useful for change validation
  • List all WLANs: show wlan
  • List all WLANs in an AP group: show wlan apgroups
  • List all APs: show ap summary
    • List all APs in a specific subnet grep include 10\.10\.10\. "show ap summary"
  • Show WLANs broadcast by a specific AP on a specific radio type: show ap wlan 802.11[a|b|-abgn] _AP-NAME_
  • List all FlexConnect Groups: show flexconnect group summary
  • List all APs and AVC mappings in a FlexConnect Group: show flexconnect group _GROUP-NAME_
    • Appending 'aps' to the end of the command will list just the member APs

AP Configuration

Generally APs should be configured automatically using the WLC, after all that's the entire point of using a WLC. However, when cleaning up existing environments or migrating to a new environment, it might be necessary to configure the APs directly.

  • Change an APs Primary Controller
    • This is useful for migrating APs to a new controller or to fail over your infrastructure to your secondary controller while leaving the original WLC online:
    config ap primary-base DCA-WLC-01 BLG1-FLR1-AP1 192.168.0.20
    config ap primary-base _CONTROLLER-NAS-ID_ _AP-NAME_ _CONTROLLER_IP_ADDRESS_
    • Your primary WLC and secondary WLC cannot be the same

    • Changing an APs Secondary Controller is similar:

      config ap secondary-base DCB-WLC-01 BLG1-FLR1-AP1 192.168.1.20
      • To remove a secondary controller you set the controller to a blank NAS-ID and use 0.0.0.0 as the IP address

        config ap secondary-base '' BLG1-FLR1-AP1 0.0.0.0
        • If your new primary controller is your old secondary controller, this has to be done first
  • Change an APs Group Name

    config ap group-name BLG1-AP-GROUP BLG1-FLR1-AP1
    • config ap group-name GROUP-NAME AP-NAME
  • Change an APs Operational Mode config ap mode flexconnect submode none BLG1-FLR1-AP1
    • config ap mode mode submode submode AP-NAME
      • valid modes are: local, bridge, flex+bridge, flexconnect, monitor, rogue, se-connect, sensor, sniffer
      • valid submodes are: none, wips

Making batch AP configuration changes (Example: Batch migrating APs from their primary controller to the secondary)

The following example works on linux machines, but a similar process can also be performed using an excel spreadsheet

  • Log into the WLC the APs are registered to, if you aren't already logging ssh sessions, log the session as follows:
    • ssh DCA-WLC-01 | tee logfile.log
  • Issue the following commands

    config paging disable
    show ap join stats summary all
    logout
  • Then generate the script using the following:

    grep -P '192\.168\.20\.\d+.*\s{2}Joined' log.log \
    | awk '{print "config ap secondary-base '\'' '\'' " $3 " 0.0.0.0\nconfig ap primary-base DCA-WLC-01 " $3 " 192.168.0.20\nconfig ap secondary-base DCB-WLC-01 " $3 " 192.168.1.20"}' > paste_script.txt
    • Using grep, we select only APs in the 192.168.20.0/24 subnet that are currently joined to the controller:

      • We also only want to modify APs that are actually joined to the controller, alternatively all joined APs can be grabbed with grep -P '\s{2}Joined' log.log
    • Then AWK to generate the script

      awk '{print "config ap secondary-base '\'' '\'' " $3 " 0.0.0.0\nconfig ap primary-base DCA-WLC-01 " $3 " 192.168.0.20\nconfig ap secondary-base DCB-WLC-01 " $3 " 192.168.1.20"}'
      • $3 represents column three, which contains the AP name
      • We first delete the old secondary, then configure the new primary and secondary controllers
    • Finally, redirection is used to output the paste script into a file

A similar process can be used for other batch AP changes. Keep in mind that in cases where the AP has to reboot the character 'y' is required between commands. Example

config ap group-name BLG1-AP-GROUP BLG1-FLR1-AP1
y
config ap group-name BLG1-AP-GROUP BLG1-FLR1-AP2
y
  • This is trivial to add to our awk script above. Simply add "\n y \n" to the end