cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9657
Views
30
Helpful
11
Replies

How to see which Host is connected to an Aironet AP

Alfredo Pippo
Level 1
Level 1

Hello everyone,

 

I have multiple Aironet Access Points connected through a Wireless LAN Controller.

 

From the GUI and also from the CLI of the Wireless LAN Controller I can see which clients are connected in WiFi on a particular Access Point.

 

I was wondering if I connect directly to an access point in SSH which command should I give to understand which Host is connected via WiFi to that Access Point?

 

I tried with the show mac address-table command but there seems to be no such command for the Aironet Access Point.

 

Is there anyone who can help me with this?

 

This question comes from the fact that some IP / MAC addresses shown on the WLC of the clients connected to a certain Access Point, are shown even after the hosts are turned off for a period of time, even more than 24 hours after the host is turned off.

 

Here I was wondering if it was possible to check directly from the Access point which hosts are connected to it.

 

Many thanks in advance

11 Replies 11

pieterh
VIP
VIP

even when you did "enable"  there are many hidden commands on a controller based access point

background is: most access to a lightweight access point should be done from the controller

you need to activate the hidden commands first with "debug capwap console cli"

 

>>> even more than 24 hours after the host is turned off. <<<

-> you need to enable the idle timer or decrease the client idle-timeout

what model + version controller is involved?

Hello pieterh,

 

thank you very much for your response.

 

I have sent the command "debug capwap console cli" to an Access Point (in SSH), but I can't actually find the command "show mac address-table" or anything like that on the Access point.

 

Which command should I use to see which Hosts are connected to this Access Point after giving the "debug capwap console cli" command?

 

The WLC is a Cisco 5520 and Software Version 8.10.130.0

 

How can I enable the inactivity timer from the WLC or decrease the client inactivity timeout?

 

Many thanks in advance

 

 

Rich R
VIP
VIP

1. Upgrade to latest release 8.10.162.0 to resolve known bugs.  If you still see the problem after that then you might be seeing https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy60772 which is not yet fixed in a maintenance release.  If that's the case then you'll need to contact Cisco TAC to get a special image with the fix before the next maintenance release which is likely at least a few months away.

2. The commands available on the AP vary considerably depending on the OS running on the AP.  Older APs run Cisco IOS, new APs run Cisco COS (ClickOS) which is very different.  The COS commands are a lot less user friendly than IOS.  The point is, as pieterh said, you are supposed to manage CAPWAP APs from the controller.  You haven't mentioned the model of AP.

 

Tip for anybody asking questions on these forums: state the model of WLC, model of AP(s) & software version you're using right from the start in your initial post otherwise it's difficult for anybody to give you accurate answers!

 Hi rudling,


thank you very much for the information.

 

In the next few days we will update the WLC to version 8.10.168.38.

 

The Access Point model is AIR-CAP2702E-E-K9 and below the IOS version:

 

Version.png

Version .png

 

If I were to connect in SSH directly to the Access Point, how should I proceed to check which Clients are connected to this Access Point with this type of AP and IOS?

 

In reference to this statement: you need to enable the idle timer or decrease the client idle-timeout , which property does A, B or something else refer to?

 

In WANs SSID property:

 

A

Idle Time 1.png

B 

Idle Time 2.png

  

Many thanks in advance

 

 

 Arshadsaf explaind the options,

 

I was referring to the timer set in wlan property A

but 1800 seconds is half an hour. so your client sessions should end in much less than 24 hours

but the information remains available for some time to view (short term) historical data, useful for troubleshooting

so what page do you use where clients are shown even after 24 hours?

Hello pieterh,

 

thank you very much for your reply.

 

The information is taken from this page of the WLC:

 

Filter-.png

 

I have sent the command "debug capwap console cli" to an Access Point (in SSH), but I can't actually find the command "show mac address-table" or anything like that on the Access point.

 

Which command should I use to see which Hosts are connected to this Access Point after giving the "debug capwap console cli" command?

Many thanks in advance

Arshad Safrulla
VIP Alumni
VIP Alumni

If you want to see clients connected to a certain AP you can use the below command in the WLC CLI

show client ap 802.11a <AP Name>

show client ap 802.11b <AP Name>

To see all the clients connected to all the clients

show client summary

Below is a summary of useful CLI commands

https://semfionetworks.com/wp-content/uploads/2021/04/cisco-aireos-commands-reference-sheet-v1.4.pdf

Also from GUI you can go to Monitor>>Clients and filter the clients based on AP or any other parameter which is available.

 

Regarding the stale entries found on your WLC, it could be due to the bug @Rich R mentioned above (please make sure if your environment allows to run the latest Cisco recommended AIreOS always), so If I were you I would first check the client status in CLI using above commands or in the GUI. I would use this as a starting point to troubleshoot. I wouldn't suggest changing any timeout values before understanding what it does as this would end up bringing a disaster. 

Session Timeout - This will make sure that the Wireless client is deauthenticated after the set timer even it is actively transmitting and receiving data.

Idle Timeout - This is there to make sure that the wireless client is deauthenitcated after client is idle for certain time, where the time is defined in the WLC.

Client exclusion - This is a certain security mechanism to make sure that the offending clients are blacklisted for a certain time before it is allowed to interact with the WLC for auth.

 

 

 

 

 

Hello Arshadsaf,

thank you very much for the information.

 

Even connecting in CLI on the WLC I always get the same result as with the GUI, that is that some clients, despite being turned off, are still connected on the WLC after a few hours.

I was wondering how I can continue after pieterh´s advice (directly on the AP) with the command debug capwap console cli find out which Client is connected to an AP

 

Many thanks in advance

You can check from the AP using below command

show dot11 associations

Check @Rich R's next post for the correct command. 

 

Hello Arshadsaf,

this is the result of the command you indicated.

 

Error.png

 

I tried all the above commands but they don't give me the list of connected clients

 

Maybe with this IOS there is some other command to give?

 

Many thanks in advance

Yes "show dot11 ass" is for autonomous IOS APs.

You can try "show controllers dot11Radio 0 client" for 2.4G radio and "show controllers dot11Radio 1 client" for 5G radio.

It should show the same as what you see on the controller.

The point is that stale sessions has been a recurring theme in various autonomous and WLC releases over the years.

It's always caused by a bug in the software but Cisco apparently never notice these bugs in their release testing because they usually only become apparent after the AP has been running for a while - probably longer than their tests take.

 

Review Cisco Networking for a $25 gift card