10-07-2021 06:04 AM
Hello everyone,
I have multiple Aironet Access Points connected through a Wireless LAN Controller.
From the GUI and also from the CLI of the Wireless LAN Controller I can see which clients are connected in WiFi on a particular Access Point.
I was wondering if I connect directly to an access point in SSH which command should I give to understand which Host is connected via WiFi to that Access Point?
I tried with the show mac address-table command but there seems to be no such command for the Aironet Access Point.
Is there anyone who can help me with this?
This question comes from the fact that some IP / MAC addresses shown on the WLC of the clients connected to a certain Access Point, are shown even after the hosts are turned off for a period of time, even more than 24 hours after the host is turned off.
Here I was wondering if it was possible to check directly from the Access point which hosts are connected to it.
Many thanks in advance
10-07-2021 06:22 AM
even when you did "enable" there are many hidden commands on a controller based access point
background is: most access to a lightweight access point should be done from the controller
you need to activate the hidden commands first with "debug capwap console cli"
>>> even more than 24 hours after the host is turned off. <<<
-> you need to enable the idle timer or decrease the client idle-timeout
what model + version controller is involved?
10-07-2021 06:35 AM
Hello pieterh,
thank you very much for your response.
I have sent the command "debug capwap console cli" to an Access Point (in SSH), but I can't actually find the command "show mac address-table" or anything like that on the Access point.
Which command should I use to see which Hosts are connected to this Access Point after giving the "debug capwap console cli" command?
The WLC is a Cisco 5520 and Software Version 8.10.130.0
How can I enable the inactivity timer from the WLC or decrease the client inactivity timeout?
Many thanks in advance
10-10-2021 04:01 AM
1. Upgrade to latest release 8.10.162.0 to resolve known bugs. If you still see the problem after that then you might be seeing https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy60772 which is not yet fixed in a maintenance release. If that's the case then you'll need to contact Cisco TAC to get a special image with the fix before the next maintenance release which is likely at least a few months away.
2. The commands available on the AP vary considerably depending on the OS running on the AP. Older APs run Cisco IOS, new APs run Cisco COS (ClickOS) which is very different. The COS commands are a lot less user friendly than IOS. The point is, as pieterh said, you are supposed to manage CAPWAP APs from the controller. You haven't mentioned the model of AP.
Tip for anybody asking questions on these forums: state the model of WLC, model of AP(s) & software version you're using right from the start in your initial post otherwise it's difficult for anybody to give you accurate answers!
10-11-2021 06:40 AM - edited 10-11-2021 07:30 AM
Hi rudling,
thank you very much for the information.
In the next few days we will update the WLC to version 8.10.168.38.
The Access Point model is AIR-CAP2702E-E-K9 and below the IOS version:
If I were to connect in SSH directly to the Access Point, how should I proceed to check which Clients are connected to this Access Point with this type of AP and IOS?
In reference to this statement: you need to enable the idle timer or decrease the client idle-timeout , which property does A, B or something else refer to?
In WANs SSID property:
A
B
Many thanks in advance
10-12-2021 05:27 AM - edited 10-12-2021 05:35 AM
Arshadsaf explaind the options,
I was referring to the timer set in wlan property A
but 1800 seconds is half an hour. so your client sessions should end in much less than 24 hours
but the information remains available for some time to view (short term) historical data, useful for troubleshooting
so what page do you use where clients are shown even after 24 hours?
10-12-2021 06:23 AM - edited 10-12-2021 06:25 AM
Hello pieterh,
thank you very much for your reply.
The information is taken from this page of the WLC:
I have sent the command "debug capwap console cli" to an Access Point (in SSH), but I can't actually find the command "show mac address-table" or anything like that on the Access point.
Which command should I use to see which Hosts are connected to this Access Point after giving the "debug capwap console cli" command?
Many thanks in advance
10-11-2021 01:56 PM
If you want to see clients connected to a certain AP you can use the below command in the WLC CLI
show client ap 802.11a <AP Name>
show client ap 802.11b <AP Name>
To see all the clients connected to all the clients
show client summary
Below is a summary of useful CLI commands
https://semfionetworks.com/wp-content/uploads/2021/04/cisco-aireos-commands-reference-sheet-v1.4.pdf
Also from GUI you can go to Monitor>>Clients and filter the clients based on AP or any other parameter which is available.
Regarding the stale entries found on your WLC, it could be due to the bug @Rich R mentioned above (please make sure if your environment allows to run the latest Cisco recommended AIreOS always), so If I were you I would first check the client status in CLI using above commands or in the GUI. I would use this as a starting point to troubleshoot. I wouldn't suggest changing any timeout values before understanding what it does as this would end up bringing a disaster.
Session Timeout - This will make sure that the Wireless client is deauthenticated after the set timer even it is actively transmitting and receiving data.
Idle Timeout - This is there to make sure that the wireless client is deauthenitcated after client is idle for certain time, where the time is defined in the WLC.
Client exclusion - This is a certain security mechanism to make sure that the offending clients are blacklisted for a certain time before it is allowed to interact with the WLC for auth.
10-12-2021 06:44 AM
Hello Arshadsaf,
thank you very much for the information.
Even connecting in CLI on the WLC I always get the same result as with the GUI, that is that some clients, despite being turned off, are still connected on the WLC after a few hours.
I was wondering how I can continue after pieterh´s advice (directly on the AP) with the command debug capwap console cli find out which Client is connected to an AP
Many thanks in advance
10-12-2021 06:55 AM - edited 10-12-2021 12:47 PM
You can check from the AP using below command
show dot11 associations
Check @Rich R's next post for the correct command.
10-12-2021 07:30 AM
Hello Arshadsaf,
this is the result of the command you indicated.
I tried all the above commands but they don't give me the list of connected clients
Maybe with this IOS there is some other command to give?
Many thanks in advance
10-12-2021 08:35 AM
Yes "show dot11 ass" is for autonomous IOS APs.
You can try "show controllers dot11Radio 0 client" for 2.4G radio and "show controllers dot11Radio 1 client" for 5G radio.
It should show the same as what you see on the controller.
The point is that stale sessions has been a recurring theme in various autonomous and WLC releases over the years.
It's always caused by a bug in the software but Cisco apparently never notice these bugs in their release testing because they usually only become apparent after the AP has been running for a while - probably longer than their tests take.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide