Trying to place a SSID into 5Ghz only via CLI

JWHolm81891 · ‎11-18-2022

I am having trouble trying to find a CLI command that will let me config a WLAN/SSID into 5Ghz only:

Radio Policy : 802.11a only

I've tried the GUI disableing the 2.4, but I'm still getting:

Operational State of Radio Bands

2.4ghz : UP

5ghz : UP

6ghz : DOWN (Required config: Disable WPA2 and Enable WPA3 & dot11ax)

How can I configure this for 802.11a only and get that in my config output for confirmation?

Scott Fella · ‎11-18-2022

The configuration is done on the WLAN. The radios will show up, but the SSID will not be broadcasting from the 2.4GHz radio. 802.11a only is what you need to have configured.

I don't know what controller you have, but for Aireos, you can shutdown the radio by using the following command:

config 802.11b disable <ap-name>

-Scott
*** Please rate helpful posts ***

JWHolm81891 · ‎11-18-2022

I am working with the 9800 controller. But that only disables per AP right? What if I want to do that for a WLAN?

Scott Fella · ‎11-18-2022

What you have defined on the WLAN is fine, that is all you need to do... 802.11a only That way you can have another SSID that uses both bands if needed. You have more flexibility configuring this on the WLAN than manually disabling the radio which affects all other SSID on the AP.

-Scott
*** Please rate helpful posts ***

JWHolm81891 · ‎11-18-2022

Maybe I'm misunderstanding your reply. I have on that is configured 802.11a only, but I didn't configure that one. I have another SSID that I am trying to configure like that so that it is only 802.11a. Does that make sense?

Scott Fella · ‎11-18-2022

Not really... what I'm trying to say is that on the WLAN, you defined what radios you want to use. In your case, you have 802.11a only, so that means that SSID will be available out on the 5GHz radio. The 2.4GHz will show up, but that doesn't mean that the SSID is available on that radio.

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎11-18-2022

Does this help? If you want the SSID to only use 802.11a, you setup your WLAN like this:

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎11-18-2022

What you can do is create a new SSID with your setting and then apply that. Then go to save and click on diff. That will show you the output and commands, just like this:

-Scott
*** Please rate helpful posts ***

JWHolm81891 · ‎11-18-2022

Right, and I've done that. But when going in to read the configs 2.4 still shows as UP:

Operational State of Radio Bands

2.4ghz : UP

5ghz : UP

6ghz : DOWN (Required config: Disable WPA2 and Enable WPA3 & dot11ax)

I'm on the 17.6.2. I don't seem to have that disable Wifi 6 option.

Scott Fella · ‎11-18-2022

Operation mean that the 2.4GHz is available if you want to use it. Basically, the ap radio is not just for the one ssid but its used for all ssid's. All you care about is this: Configured Radio Bands

show wlan all | sec Network Name|Configured Radio Bands|Operational State of Radio Bands

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎11-18-2022

WiFi 6 option os on later code versions to support the 9136 as an example. Why not create a new SSID and post that test SSID config from the command line. I can then add that to my controller and see.

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎11-18-2022

So when I run the command on my controller is do not see the 2.4ghz like what you see on yours. Post your test SSID so I can add it to mine and validate.

I'm on 17.10.1prd4

WA-RED-9800-L-01#show wlan id 265 | sec Network Name|Configured Radio Bands|Operational State of Radio Bands
Network Name (SSID) : 5GHz Only
Configured Radio Bands
5ghz : Enabled
Slot : Enabled on all slots
Operational State of Radio Bands
5ghz : UP
Slot : Enabled on all slots

-Scott
*** Please rate helpful posts ***

JWHolm81891 · ‎11-18-2022

Thank you

The one on 802.11a only:

show wlan all | sec wlan id 10|Configured Radio Bands|Operational State of Radio Bands
Configured Radio Bands : All
Operational State of Radio Bands
2.4ghz : UP
5ghz : UP
6ghz : DOWN (Required config: Disable WPA2 and Enable WPA3 & dot11ax)
Configured Radio Bands : All

The one I'm trying to get on 5Ghz only:

#show wlan all | sec wlan id 2|Configured Radio Bands|Operational State of Radio Bands
Configured Radio Bands : All
Operational State of Radio Bands
2.4ghz : UP
5ghz : UP
6ghz : DOWN (Required config: Disable WPA2 and Enable WPA3 & dot11ax)
Configured Radio Bands : All

My output looks different from yours.

Scott Fella · ‎11-18-2022

Doesn't look right, because the Configured Radio Bands show All and not 802.11a only. Can you paste your

show run | sec <SSID>

Take a look at mine:

wlan "5GHz Only" 265 "5GHz Only"
dot11ax target-waketime
dot11ax twt-broadcast-support
radio policy dot11 5ghz
no security ft adaptive
no security wpa
no security wpa wpa2
no security wpa wpa2 ciphers aes
no security wpa akm dot1x

-Scott
*** Please rate helpful posts ***

JWHolm81891 · ‎11-18-2022

I think you were nice enough to have a look at these yesterday and saw the one in 802.11a only. I'm just trying to figure out how to get the other the same.

#sh run | sec-Managed

aaa authentication dot1x DOT1X_AUTH_-Managed group _Managed

wlan NPS--Managed policy POLICY_PROFILE_13

wlan NPS-C-Managed policy POLICY_PROFILE_13

wlan NPS--Managed policy POLICY_PROFILE_13

wlan NPS--Managed 10 -Managed

radio dot11a

security wpa wpa1

security wpa wpa1 ciphers aes

security dot1x authentication-list DOT1X_AUTH_-MANAGED

no shutdown

#sh run | sec Mobile

wlan WL-Personal 2 Mobile

radio policy dot11 5ghz

no security ft adaptive

security wpa psk set-key ascii 0 personal

no security wpa akm dot1x

security wpa akm psk

security pmf optional

no shutdown

WLAN Profile Name :Personal

================================================

Identifier : 2

Description :

Network Name (SSID) :Mobile

Status : Enabled

Broadcast SSID : Enabled

Advertise-Apname : Disabled

Universal AP Admin : Disabled

Max Associated Clients per WLAN : 0

Max Associated Clients per AP per WLAN : 0

Max Associated Clients per AP Radio per WLAN : 200

OKC : Enabled

Number of Active Clients : 110

CHD per WLAN : Enabled

WMM : Allowed

WiFi Direct Policy : Disabled

Channel Scan Defer Priority:

Priority (default) : 5

Priority (default) : 6

Scan Defer Time (msecs) : 100

Media Stream Multicast-direct : Disabled

CCX - AironetIe Support : Disabled

Peer-to-Peer Blocking Action : Disabled

Configured Radio Bands : All

Operational State of Radio Bands

2.4ghz : UP

5ghz : UP

6ghz : DOWN (Required config: Disable WPA2 and Enable WPA3 & dot11ax)

DTIM period for 802.11a radio :

DTIM period for 802.11b radio :

Local EAP Authentication : Disabled

Mac Filter Authorization list name : Disabled

Mac Filter Override Authorization list name : Disabled

Accounting list name :

802.1x authentication list name : Disabled

802.1x authorization list name : Disabled

Security

802.11 Authentication : Open System

Static WEP Keys : Disabled

Wi-Fi Protected Access (WPA/WPA2/WPA3) : Enabled

WPA (SSN IE) : Disabled

WPA2 (RSN IE) : Enabled

MPSK : Disabled

EasyPSK : Disabled

AES Cipher : Enabled

CCMP256 Cipher : Disabled

GCMP128 Cipher : Disabled

GCMP256 Cipher : Disabled

Randomized GTK : Disabled

WPA3 (WPA3 IE) : Disabled

Auth Key Management

802.1x : Disabled

PSK : Enabled

CCKM : Disabled

FT dot1x : Disabled

FT PSK : Disabled

Dot1x-SHA256 : Disabled

PSK-SHA256 : Disabled

SAE : Disabled

OWE : Disabled

SUITEB-1X : Disabled

SUITEB192-1X : Disabled

CCKM TSF Tolerance (msecs) : 1000

OWE Transition Mode : Disabled

OSEN : Disabled

FT Support : Disabled

FT Reassociation Timeout (secs) : 20

FT Over-The-DS mode : Disabled

PMF Support : Optional

PMF Association Comeback Timeout (secs): 1

PMF SA Query Time (msecs) : 200

Web Based Authentication : Disabled

Conditional Web Redirect : Disabled

Splash-Page Web Redirect : Disabled

Webauth On-mac-filter Failure : Disabled

Webauth Authentication List Name : Disabled

Webauth Authorization List Name : Disabled

Webauth Parameter Map : Disabled

Band Select : Disabled

Load Balancing : Disabled

Multicast Buffer : Disabled

Multicast Buffers (frames) : 0

IP Source Guard : Disabled

Assisted-Roaming

Neighbor List : Enabled

Prediction List : Disabled

Dual Band Support : Disabled

IEEE 802.11v parameters

Directed Multicast Service : Enabled

BSS Max Idle : Enabled

Protected Mode : Disabled

Traffic Filtering Service : Disabled

BSS Transition : Enabled

Disassociation Imminent : Disabled

Optimised Roaming Timer (TBTTS) : 40

Timer (TBTTS) : 200

Dual Neighbor List : Disabled

WNM Sleep Mode : Disabled

802.11ac MU-MIMO : Enabled

802.11ax parameters

802.11ax Operation Status : Enabled

OFDMA Downlink : Enabled

OFDMA Uplink : Enabled

MU-MIMO Downlink : Enabled

MU-MIMO Uplink : Enabled

BSS Target Wake Up Time : Enabled

BSS Target Wake Up Time Broadcast Support : Enabled

802.11 protocols in 2.4ghz band

Protocol : dot11bg

Advanced Scheduling Requests Handling : Enabled

mDNS Gateway Status : Bridge

WIFI Alliance Agile Multiband : Disabled

Device Analytics

Advertise Support : Enabled

Advertise Support for PC analytics : Enabled

Share Data with Client : Disabled

Client Scan Report (11k Beacon Radio Measurement)

Request on Association : Disabled

Request on Roam : Disabled

WiFi to Cellular Steering : Disabled

Advanced Scheduling Requests Handling : Enabled

Locally Administered Address Configuration

Deny LAA clients : Disabled

wlan Personal / Mobile

no security ft adaptive

security wpa psk set-key ascii 0 WLpersonal

no security wpa akm dot1x

security wpa akm psk

security pmf optional

no shutdown

FASTER VLAN (the one I’m trying to match)

WLAN Profile Name : NPS-Managed

================================================

Identifier : 10

Description :

Network Name (SSID) : Managed

Status : Enabled

Broadcast SSID : Enabled

Advertise-Apname : Disabled

Universal AP Admin : Disabled

Max Associated Clients per WLAN : 0

Max Associated Clients per AP per WLAN : 0

Max Associated Clients per AP Radio per WLAN : 200

OKC : Enabled

Number of Active Clients : 26

CHD per WLAN : Enabled

WMM : Allowed

WiFi Direct Policy : Disabled

Channel Scan Defer Priority:

Priority (default) : 5

Priority (default) : 6

Scan Defer Time (msecs) : 100

Media Stream Multicast-direct : Disabled

CCX - AironetIe Support : Disabled

Peer-to-Peer Blocking Action : Disabled

Radio Policy : 802.11a only

DTIM period for 802.11a radio :

DTIM period for 802.11b radio :

Local EAP Authentication : Disabled

Mac Filter Authorization list name : Disabled

Mac Filter Override Authorization list name : Disabled

Accounting list name :

802.1x authentication list name : DOT1X_AUTH_Cityof-MANAGED

802.1x authorization list name : Disabled

Security

802.11 Authentication : Open System

Static WEP Keys : Disabled

Wi-Fi Protected Access (WPA/WPA2/WPA3) : Enabled

WPA (SSN IE) : Enabled

TKIP Cipher : Disabled

AES Cipher : Enabled

WPA2 (RSN IE) : Enabled

MPSK : Disabled

EasyPSK : Disabled

AES Cipher : Enabled

CCMP256 Cipher : Disabled

GCMP128 Cipher : Disabled

GCMP256 Cipher : Disabled

Randomized GTK : Disabled

WPA3 (WPA3 IE) : Disabled

Auth Key Management

802.1x : Enabled

PSK : Disabled

CCKM : Disabled

FT dot1x : Disabled

FT PSK : Disabled

Dot1x-SHA256 : Disabled

PSK-SHA256 : Disabled

SAE : Disabled

OWE : Disabled

SUITEB-1X : Disabled

SUITEB192-1X : Disabled

CCKM TSF Tolerance (msecs) : 1000

OWE Transition Mode : Disabled

OSEN : Disabled

FT Support : Adaptive

FT Reassociation Timeout (secs) : 20

FT Over-The-DS mode : Disabled

PMF Support : Disabled

PMF Association Comeback Timeout (secs): 1

PMF SA Query Time (msecs) : 200

Web Based Authentication : Disabled

Conditional Web Redirect : Disabled

Splash-Page Web Redirect : Disabled

Webauth On-mac-filter Failure : Disabled

Webauth Authentication List Name : Disabled

Webauth Authorization List Name : Disabled

Webauth Parameter Map : Disabled

Band Select : Disabled

Load Balancing : Disabled

Multicast Buffer : Disabled

Multicast Buffers (frames) : 0

IP Source Guard : Disabled

Assisted-Roaming

Neighbor List : Enabled

Prediction List : Disabled

Dual Band Support : Disabled

IEEE 802.11v parameters

Directed Multicast Service : Enabled

BSS Max Idle : Enabled

Protected Mode : Disabled

Traffic Filtering Service : Disabled

BSS Transition : Enabled

Disassociation Imminent : Disabled

Optimised Roaming Timer (TBTTS) : 40

Timer (TBTTS) : 200

Dual Neighbor List : Disabled

WNM Sleep Mode : Disabled

802.11ac MU-MIMO : Enabled

802.11ax parameters

802.11ax Operation Status : Enabled

OFDMA Downlink : Enabled

OFDMA Uplink : Enabled

MU-MIMO Downlink : Enabled

MU-MIMO Uplink : Enabled

BSS Target Wake Up Time : Enabled

BSS Target Wake Up Time Broadcast Support : Enabled

802.11 protocols in 2.4ghz band

Protocol : dot11bg

Advanced Scheduling Requests Handling : Enabled

mDNS Gateway Status : Bridge

WIFI Alliance Agile Multiband : Disabled

Device Analytics

Advertise Support : Enabled

Advertise Support for PC analytics : Enabled

Share Data with Client : Disabled

Client Scan Report (11k Beacon Radio Measurement)

Request on Association : Disabled

Request on Roam : Disabled

WiFi to Cellular Steering : Disabled

Advanced Scheduling Requests Handling : Enabled

Locally Administered Address Configuration

Deny LAA clients : Disabled

wlan NPS-Managed 10 Managed

radio dot11a

security wpa wpa1

security wpa wpa1 ciphers aes

security dot1x authentication-list DOT1X_AUTH_MANAGED

no shutdown