Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9659
Views
30
Helpful
11
Replies

How to see which Host is connected to an Aironet AP

Alfredo Pippo
Level 1
Level 1

‎10-07-2021 06:04 AM

Hello everyone,

 

I have multiple Aironet Access Points connected through a Wireless LAN Controller.

 

From the GUI and also from the CLI of the Wireless LAN Controller I can see which clients are connected in WiFi on a particular Access Point.

 

I was wondering if I connect directly to an access point in SSH which command should I give to understand which Host is connected via WiFi to that Access Point?

 

I tried with the show mac address-table command but there seems to be no such command for the Aironet Access Point.

 

Is there anyone who can help me with this?

 

This question comes from the fact that some IP / MAC addresses shown on the WLC of the clients connected to a certain Access Point, are shown even after the hosts are turned off for a period of time, even more than 24 hours after the host is turned off.

 

Here I was wondering if it was possible to check directly from the Access point which hosts are connected to it.

 

Many thanks in advance

0 Helpful
11 Replies 11

pieterh
VIP
VIP

‎10-07-2021 06:22 AM

even when you did "enable"  there are many hidden commands on a controller based access point

background is: most access to a lightweight access point should be done from the controller

you need to activate the hidden commands first with "debug capwap console cli"

 

>>> even more than 24 hours after the host is turned off. <<<

-> you need to enable the idle timer or decrease the client idle-timeout

what model + version controller is involved?

Alfredo Pippo
Level 1
Level 1
In response to pieterh

‎10-07-2021 06:35 AM

Hello pieterh,

 

thank you very much for your response.

 

I have sent the command "debug capwap console cli" to an Access Point (in SSH), but I can't actually find the command "show mac address-table" or anything like that on the Access point.

 

Which command should I use to see which Hosts are connected to this Access Point after giving the "debug capwap console cli" command?

 

The WLC is a Cisco 5520 and Software Version 8.10.130.0

 

How can I enable the inactivity timer from the WLC or decrease the client inactivity timeout?

 

Many thanks in advance

 

 

0 Helpful

Rich R
VIP
VIP

‎10-10-2021 04:01 AM

1. Upgrade to latest release 8.10.162.0 to resolve known bugs.  If you still see the problem after that then you might be seeing https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy60772 which is not yet fixed in a maintenance release.  If that's the case then you'll need to contact Cisco TAC to get a special image with the fix before the next maintenance release which is likely at least a few months away.

2. The commands available on the AP vary considerably depending on the OS running on the AP.  Older APs run Cisco IOS, new APs run Cisco COS (ClickOS) which is very different.  The COS commands are a lot less user friendly than IOS.  The point is, as pieterh said, you are supposed to manage CAPWAP APs from the controller.  You haven't mentioned the model of AP.

 

Tip for anybody asking questions on these forums: state the model of WLC, model of AP(s) & software version you're using right from the start in your initial post otherwise it's difficult for anybody to give you accurate answers!

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390

Alfredo Pippo
Level 1
Level 1
In response to Rich R

‎10-11-2021 06:40 AM - edited ‎10-11-2021 07:30 AM

 Hi rudling,


thank you very much for the information.

 

In the next few days we will update the WLC to version 8.10.168.38.

 

The Access Point model is AIR-CAP2702E-E-K9 and below the IOS version:

 

Version.png

Version .png

 

If I were to connect in SSH directly to the Access Point, how should I proceed to check which Clients are connected to this Access Point with this type of AP and IOS?

 

In reference to this statement: you need to enable the idle timer or decrease the client idle-timeout , which property does A, B or something else refer to?

 

In WANs SSID property:

 

A

Idle Time 1.png

B 

Idle Time 2.png

  

Many thanks in advance

 

 

0 Helpful

pieterh
VIP
VIP
In response to Alfredo Pippo

‎10-12-2021 05:27 AM - edited ‎10-12-2021 05:35 AM

 Arshadsaf explaind the options,

 

I was referring to the timer set in wlan property A

but 1800 seconds is half an hour. so your client sessions should end in much less than 24 hours

but the information remains available for some time to view (short term) historical data, useful for troubleshooting

so what page do you use where clients are shown even after 24 hours?

0 Helpful

Alfredo Pippo
Level 1
Level 1
In response to pieterh

‎10-12-2021 06:23 AM - edited ‎10-12-2021 06:25 AM

Hello pieterh,

 

thank you very much for your reply.

 

The information is taken from this page of the WLC:

 

Filter-.png

 

I have sent the command "debug capwap console cli" to an Access Point (in SSH), but I can't actually find the command "show mac address-table" or anything like that on the Access point.

 

Which command should I use to see which Hosts are connected to this Access Point after giving the "debug capwap console cli" command?

Many thanks in advance

0 Helpful

Arshad Safrulla
VIP Alumni
VIP Alumni

‎10-11-2021 01:56 PM

If you want to see clients connected to a certain AP you can use the below command in the WLC CLI

show client ap 802.11a <AP Name>

show client ap 802.11b <AP Name>

To see all the clients connected to all the clients

show client summary

Below is a summary of useful CLI commands

https://semfionetworks.com/wp-content/uploads/2021/04/cisco-aireos-commands-reference-sheet-v1.4.pdf

Also from GUI you can go to Monitor>>Clients and filter the clients based on AP or any other parameter which is available.

 

Regarding the stale entries found on your WLC, it could be due to the bug @Rich R mentioned above (please make sure if your environment allows to run the latest Cisco recommended AIreOS always), so If I were you I would first check the client status in CLI using above commands or in the GUI. I would use this as a starting point to troubleshoot. I wouldn't suggest changing any timeout values before understanding what it does as this would end up bringing a disaster. 

Session Timeout - This will make sure that the Wireless client is deauthenticated after the set timer even it is actively transmitting and receiving data.

Idle Timeout - This is there to make sure that the wireless client is deauthenitcated after client is idle for certain time, where the time is defined in the WLC.

Client exclusion - This is a certain security mechanism to make sure that the offending clients are blacklisted for a certain time before it is allowed to interact with the WLC for auth.

 

 

 

 

 

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Alfredo Pippo
Level 1
Level 1
In response to Arshad Safrulla

‎10-12-2021 06:44 AM

Hello Arshadsaf,

thank you very much for the information.

 

Even connecting in CLI on the WLC I always get the same result as with the GUI, that is that some clients, despite being turned off, are still connected on the WLC after a few hours.

I was wondering how I can continue after pieterh´s advice (directly on the AP) with the command debug capwap console cli find out which Client is connected to an AP

 

Many thanks in advance

0 Helpful

Arshad Safrulla
VIP Alumni
VIP Alumni
In response to Alfredo Pippo

‎10-12-2021 06:55 AM - edited ‎10-12-2021 12:47 PM

You can check from the AP using below command

show dot11 associations

Check @Rich R's next post for the correct command. 

 

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful

Alfredo Pippo
Level 1
Level 1
In response to Arshad Safrulla

‎10-12-2021 07:30 AM

Hello Arshadsaf,

this is the result of the command you indicated.

 

Error.png

 

I tried all the above commands but they don't give me the list of connected clients

 

Maybe with this IOS there is some other command to give?

 

Many thanks in advance

0 Helpful

Rich R
VIP
VIP
In response to Alfredo Pippo

‎10-12-2021 08:35 AM

Yes "show dot11 ass" is for autonomous IOS APs.

You can try "show controllers dot11Radio 0 client" for 2.4G radio and "show controllers dot11Radio 1 client" for 5G radio.

It should show the same as what you see on the controller.

The point is that stale sessions has been a recurring theme in various autonomous and WLC releases over the years.

It's always caused by a bug in the software but Cisco apparently never notice these bugs in their release testing because they usually only become apparent after the AP has been running for a while - probably longer than their tests take.

 

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
Default AP console baud rate from 17.12.x is 115200 - introduced by CSCwe88390
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card