Mobility Express Controller Commands
• Application Visibility Commands, on page 2• Cisco Umbrella Commands, on page 3• CleanAir Commands, on page 4• CMX Cloud Commands, on page 5• Commands for Collecting Log, Core, and Crash Files, on page 6• Commands for Software Download from Cisco.com, on page 7• Controller Image Upgrade Commands, on page 8• DNS Commands, on page 9• DNS ACL Commands, on page 10• Efficient AP Join Command, on page 12• EoGRE Commands, on page 13• Migration Commands, on page 15• mDNS Commands, on page 16• Next Preferred Master AP and Forced Failover, on page 19• NTP Commands, on page 20• RFID Commands, on page 21• TLS Gateway Commands, on page 22• VRRP Commands, on page 23• WLAN Security Commands, on page 24
Mobility Express Controller Commands1
Application Visibility CommandsThe following commands are used to configure Application Visibility on the CiscoMobility Express controller.
Added in ReleaseDescriptionCommand
8.1.122.0To enable or disableApplication Visibility in aWLAN
config flexconnect groupdefault-flexgroup avc 1visibility { enable | disable }
8.1.122.0To display the status ofApplication Visibility in eachWLAN
show flexconnect group detaildefault-flexgroup
8.1.122.0To viewApplicationVisibilitystatistics based on the flexgroup
show flexconnect avcstatistics groupdefault-flexgroup
8.1.122.0To viewApplicationVisibilitystatistics based on each client
show flexconnect avcstatistics client client_MAC
Mobility Express Controller Commands2
Mobility Express Controller CommandsApplication Visibility Commands
Cisco Umbrella CommandsThe following commands are used to configure Cisco Umbrella in the Cisco Mobility Express network.
Added in ReleaseDescriptionCommand
<8.8 MR1>To configure the CiscoUmbrella feature. You canenable or disable the feature.
config opendns {Enable |Disable}
<8.8 MR1>To register the CiscoUmbrella API token on thenetwork.
config opendns api-token
<8.8 MR1>To create, delete, or refresh aCisco Umbrella profile thatcan be applied over a WLAN
config opendns profile{create |delete | refresh}
<8.8 MR1>To map the Cisco Umbrellaprofile identity to a WLAN.
config wlan opendns-profile<wlan-id> <profile-name>{enable | disable}
<8.8 MR1>To enable or disable DHCPoption 6 per WLAN.
config wlanopendns-dhcp-opt6<wlan-id> {enable | disable}
<8.8 MR1>To ignore or force the CiscoUmbrella mode on theWLAN.
config wlan opendns-mode<wlan-id> {ignore | forced}
<8.8 MR1>To display details of CiscoUmbrella.
show opendns summary
Mobility Express Controller Commands3
Mobility Express Controller CommandsCisco Umbrella Commands
CleanAir CommandsAdded in ReleaseDescriptionCommand
8.1.122.0To enable CleanAir on anassociated AP. Not applicableto 1850 and 1830 series APs.
config 802.11b cleanairenable ap_MAC
8.1.122.0To list all the interferencedevices connected to the AP.
show 802.11b cleanair deviceap ap_MAC
8.1.122.0To jam a specific interferencedevice.
show 802.11b cleanair devicetype jammer
Mobility Express Controller Commands4
Mobility Express Controller CommandsCleanAir Commands
CMX Cloud CommandsAdded in ReleaseDescriptionCommand
8.3.102.0To specify a valid CMXserver token.
config cloud-services serverid-token CMX_token
8.3.102.0To specify a valid CMXserver URL.
config cloud-services serverurl url
8.3.102.0To enable CMX analytics.config cloud-services cmxenable
8.3.102.0To view details of theconfigured CMX cloudservices.
show cloud-services cmxsummary
Mobility Express Controller Commands5
Mobility Express Controller CommandsCMX Cloud Commands
Commands for Collecting Log, Core, and Crash FilesAdded in ReleaseDescriptionCommand
8.3.102.0Use these commands insequence to collect log, coreand crash files.
The files of the following datatypes are collected, bundledinto a .TAR file, and theuploaded to a configuredTFTP or FTP server:
• run-config
• systemtrace
• traplog
• debug-file
• crashfile
• coredump
• ap-crash-data
1. transfer upload datatypesupport-bundle
2. transfer upload mode {tftp | ftp }
3. transfer upload usernameusername passwordpassword
This command is only foran FTP transfer.
4. transfer upload filenamefilename
5. transfer upload pathfile_path
6. transfer upload serveripserver_ip_address
7. transfer upload start
8.3.102.0To debug the code-flow, usethis command before thetransfer upload startcommand.
debug transfer all enable
8.3.102.0To disable debugging of thecode-flow.
debug disable-all
Mobility Express Controller Commands6
Mobility Express Controller CommandsCommands for Collecting Log, Core, and Crash Files
Commands for Software Download from Cisco.comAdded in ReleaseDescriptionCommandStep
8.3.102.0To set the mode ofdownload of softwareimages to be fromCisco.com.
transfer download ap-images modecco
1
8.3.102.0To specify the Cisco.comcredentials to be used.
transfer download ap-imagescco-username username cco-passwordpassword
2
8.3.102.0To specify whether thesuggested or the latestsoftware version imagesare to be downloaded.
transfer download ap-images version{ suggested | latest }
3
8.3.102.0To set the controller toautomatically check forsoftware image updatesfrom Cisco.com.
transfer download ap-imagescco-auto-check { enable | disable }
4
8.3.102.0To start the download.transfer download start5
Mobility Express Controller Commands7
Mobility Express Controller CommandsCommands for Software Download from Cisco.com
Controller Image Upgrade CommandsThe following commands are used when performing a Mobility Express controller software image upgrade.
Added in ReleaseDescriptionCommand
8.1.122.0To set the path of the softwareimage on the TFTP server
transfer download ap-imagesimagePath image_path
8.1.122.0To set the file transfer modeas TFTP
transfer download ap-imagesmode tftp
8.1.122.0To specify the IP address ofthe TFTP server
transfer download ap-imagesserverIp ipv4_address
8.1.122.0To save the configuration andstart the image download
transfer download start
8.3.102.0To stop the ongoing imagedownload
transfer download stop
8.1.122.0To debug the transfer anddownload with all subcommands enabled
debug transfer all { enable |disable }
8.1.122.0To debug transfer downloadof TFTP
debug transfer tftp { enable |disable }
8.1.122.0To debug transfer tracedebug transfer trace { enable| disable }
Mobility Express Controller Commands8
Mobility Express Controller CommandsController Image Upgrade Commands
DNS CommandsAdded in ReleaseDescriptionCommand
8.2.100.1To configure the default DNSservers.
config network dns default
8.2.100.1To view a network summary,with the default DNS serverslisted, if they are enabled.
show network summary
Mobility Express Controller Commands9
Mobility Express Controller CommandsDNS Commands
DNS ACL CommandsThe following commands are used while configuring DNS IPv4 ACLs and DNS IPv6 ACLs on the CiscoMobility Express controller.
Table 1: DNS ACL Commands
Command HistoryDescriptionCommand
Introduced in 8.6.101.0Creates and configures the ACL.config flexconnect acl createacl-name
Introduced in 8.6.101.0Creates and configures the IPv6ACL.
config flexconnect ipv6 acl createacl-name
Introduced in 8.6.101.0Configures secure tunnelapplication support.
config flexconnect acl url-domainurl {snmptraps||radius}enable||disable
Introduced in 8.6.101.0Configures the secure tunnelnetwork.
config secure-tunnelnetwork{snmptraps||radius}enable||disable
Introduced in 8.6.101.0Adds the URL domain to the ACL.config flexconnect acl url-domainadd acl-nameindex
Adds the URL domain to the IPv6ACL.
config flexconnect ipv6 aclurl-domain add acl-nameindex
Introduced in 8.6.101.0Configures the URL name in theACL.
config flexconnect acl url-domainurl acl-nameindexurl-name
Configures the URL name in theIPv6 ACL.
config flexconnect ipv6 aclurl-domain urlacl-nameindexurl-name
Introduced in 8.6.101.0Deletes the URL domain from theACL.
config flexconnect acl url-domaindelete acl-nameindex
Deletes the IPv6URL domain fromthe ACL.
config flexconnect ipv6 aclurl-domain delete acl-nameindex
Introduced in 8.6.101.0Configures the action of an ACLrule.
config flexconnect acl url-domainaction acl-nameindex permit|deny
Configures the action of an IPv6ACL rule.
config flexconnect ipv6 aclurl-domain action acl-nameindexpermit|deny
Mobility Express Controller Commands10
Mobility Express Controller CommandsDNS ACL Commands
Command HistoryDescriptionCommand
Introduced in 8.6.101.0Adds or deletes policy IPv4 ACLon the Flexconnect group.
config flexconnect groupgroup-namepolicy acl {add|delete}acl-name
Adds or deletes policy IPv6 ACLon the Flexconnect group.
config flexconnect groupgroup-namepolicy ipv6 acl {add|delete}acl-name
Applies the IPv4 ACL to the APs.config flexconnect acl applyacl-name
Applies the IPv6 ACL to the APs.config flexconnect ipv6 acl applyacl-name
Introduced in 8.6.101.0Configures WLAN for web-authIPv4 ACL on the Flexconnectgroup.
config flexconnect groupgroup-nameweb-authwlanwlan-idaclacl-name{enable|disable}
Introduced in 8.6.101.0Configures WLAN for web-authIPv6 ACL on the Flexconnectgroup.
config flexconnect groupgroup-nameweb-authwlanwlan-id ipv6aclacl-name{enable|disable}
Introduced in 8.6.101.0Displays the summary of theAccess Control Lists or the detailedAccess Control List information.
show flexconnect acl {summary|detailed acl-name}
Introduced in 8.6.101.0Displays the summary of the IPv6Access Control Lists or the detailedIPv6 Access Control Listinformation.
show flexconnect ipv6acl{summary |detailed acl-name}
Mobility Express Controller Commands11
Mobility Express Controller CommandsDNS ACL Commands
Efficient AP Join CommandThe following command is used to configure the efficient AP join in the Cisco Mobility Express network.
Added in ReleaseDescriptionCommand
8.8.100.0To configure efficient join.config flexconnect groupdefault-flexgroupefficient-join {enable |disable}
Mobility Express Controller Commands12
Mobility Express Controller CommandsEfficient AP Join Command
EoGRE CommandsThe following commands are available once Ethernet over GRE (EoGRE) configurations are enabled for theCisco Mobility Express network. EoGRE tunnels in Cisco Mobility Express only support FlexConnect mode.
Added in ReleaseDescriptionCommand
8.8.100.0To add or delete custom CCXmulticast addresses for RFIDtag tracking.
The addresses that can beconfigured include 0x01,0x40, 0x96, 0x00, and0x03.
config tunnel
8.8.100.0Toconfig tunnel
8.8.100.0Toconfig tunnel
8.8.100.0Toconfig tunnel
8.8.100.0To add a new rule to theprofile.
config tunnel profile ruleadd profile-namerealm-filter realm-stringeogre vlanvlan-iddomain-name
8.8.100.0To delete an existing rulefrom the profile.
config tunnel profile ruledelete profile-namerealm-filter realm-string
8.8.100.0To modify an existing rule.config tunnel profile rulemodify profile-namerealm-filter realm-stringeogre vlanvlan-iddomain-name
8.8.100.0Toconfig tunnel
8.8.100.0Toconfig tunnel
8.8.100.0Toconfig tunnel
8.8.100.0Toconfig tunnel
8.8.100.0Toconfig tunnel
8.8.100.0Toconfig tunnel
8.8.100.0To configure the RFIDmessage rate limit over acycle of processing.
config rfid rate-limit
Mobility Express Controller Commands13
Mobility Express Controller CommandsEoGRE Commands
Added in ReleaseDescriptionCommand
8.8.100.0To enable or disable RFID tagdata collection.
config rfid status {enable |disable}
8.8.100.0To configure the RFID tagdata timeout.
config rfid timeout
8.8.100.0To display the summary ofRFID tags that are clients.
show rfid client
8.8.100.0To display the configurationoptions for RFID tag tracking.
show rfid config
8.8.100.0To display detailedinformation for a specifiedRFID tag.
show rfid detail
8.8.100.0To display summaryinformation for all knownRFID tags.
show rfid summary
Mobility Express Controller Commands14
Mobility Express Controller CommandsEoGRE Commands
Migration CommandsThe following commands are used for converting an AP fromMobility Express software image to LightweightCAPWAP AP software image, and vice-versa.
Added in ReleaseDescriptionCommand
8.1.122.0To convert ap-type fromMobility Express toCAPWAP
ap-type capwap
8.1.122.0To convert ap-type fromCAPWAP to MobilityExpress, when running anMobility Express softwareimage
ap-type mobilityexpresstftp://tftp_server/file_name
8.1.122.0To convert all APs to typeCAPWAP simultaneouslyfrom the switch
config ap unifiedmodeswitch_nameswitch_IP_address
Mobility Express Controller Commands15
Mobility Express Controller CommandsMigration Commands
mDNS CommandsThe following commands are used to configure multicast DNS in the Cisco Mobility Express network.
Added in ReleaseDescriptionCommand
Introduced in 8.8.120.0To configure the mDNSpolicy. You can enable ordisable and mDNS accesspolicy, and also configure andmDNS service group.
config mdns policy {disable| enable | service-group}
Introduced in 8.8.120.0To create an mDNS servicegroup, enter the service groupname and the description.
config mdns policyservice-group create<service-group-name>[<service-group-description>]
Introduced in 8.8.120.0To delete an mDNS servicegroup, enter the service groupname.
config mdns policyservice-group delete<service-group-name>
Introduced in 8.8.120.0To add a device-mac to themDNS service group, enterthe service group name,MACaddress, the device name, andthe location type.
Enter the device location typeas AP_LOCATION, orAP_NAME, or AP_GROUP.
To delete a device-mac, enterthe service group name andthe MAC address.
config mdns policyservice-group device-mac{add <service-group-name><mac-addr><device-name><location-type><device-location> | delete<service-group-name><mac-addr>}
Introduced in 8.8.120.0To add or delete the mDNSpolicy service groupusername, enter the servicegroup name and the username.
config mdns policyservice-group user-name{add | delete}<service-group-name><user-name>
Introduced in 8.8.120.0To add or delete the mDNSpolicy service group user role,enter the service group nameand the username.
config mdns policyservice-group user-role {add| delete}<service-group-name><user-name>
Mobility Express Controller Commands16
Mobility Express Controller CommandsmDNS Commands
Added in ReleaseDescriptionCommand
Introduced in 8.8.120.0To view the mDNS accesspolicy status, total number ofmDNS policies, and numberof admin configured policies.
The summary keyworddisplays the access policystatus, total number of mDNSpolicies, and number of adminconfigured policies.
Thedetailedkeyword displaysdetails of a particular servicegroup name.
show mdns policyservice-group {summary |detailed<service-group-name>}
8.8.100.0To clear the mDNS servicedatabase.
clearmdns service-database
8.8.100.0To configure the mDNSservice. You can create aservice, mention the origin,enable or disable a query, anddelete a service.
config mdns service
8.8.100.0To enable or disable locationspecific service on a specificmDNS service or all mDNSservices.
config mdns service lss
8.8.100.0To configure learning ofservices fromwired, wireless,or both.
config mdns service origin
8.8.100.0To enablemDNS snooping onthe WLAN.
config mdns snooping{enable | disable}
8.8.100.0To configure an mDNSprofile.
config mdns profile {create| delete}
8.8.100.0To configure mDNS for aWLAN.
config wlan mdns {enable |disable}
8.8.100.0To map an mDNS profile to aWLAN.
config wlan mdns profile
8.8.100.0To set the value of the mDNSquery in minutes.
config mdns query interval
Mobility Express Controller Commands17
Mobility Express Controller CommandsmDNS Commands
Added in ReleaseDescriptionCommand
8.8.100.0To configure the mDNSservice. You can create aservice, mention the origin,enable or disable a query, anddelete a service.
config mdns service
8.8.100.0To configure a query for anmDNS service.
config mdns service query{enable | disable}
8.8.100.0To configure an mDNSprofile to a service
config mdns profile service{add | delete}
8.8.100.0To view themDNS profile fora client.
show client detail
8.8.100.0To view information about themDNS domain names.
showmdns domain-name-ipsummary
8.8.100.0To display the informationabout all mDNS profiles or aparticular mDNS profile.
show mdns profile
8.8.100.0To display the informationabout all mDNS services or aparticular mDNS service.
show mdns service
8.8.100.0To view the mDNS details fora network.
show network summary
8.8.100.0To view information about anmDNS profile that isassociated with a WLAN.
show wlan
Mobility Express Controller Commands18
Mobility Express Controller CommandsmDNS Commands
Next Preferred Master AP and Forced FailoverAdded in ReleaseDescriptionCommand
8.3.102.0To set the next preferredmaster AP.
config apnext-preferred-mastercisco_ap_name
8.3.102.0To set the next preferredmaster AP and to manuallytrigger a failover to that AP.
config apnext-preferred-mastercisco_ap_nameforced-failover
Mobility Express Controller Commands19
Mobility Express Controller CommandsNext Preferred Master AP and Forced Failover
NTP CommandsAdded in ReleaseDescriptionCommand
8.2.100.1To configure the fullyqualified domain name of theNTP server having, forexample here, NTP index 1.
config time ntp server 1FQDN_of_server
8.2.100.1To configure the IP address ofthe NTP server having, forexample here, NTP index 2.
config time ntp server 2NTP_Server_IP_address
Mobility Express Controller Commands20
Mobility Express Controller CommandsNTP Commands
RFID CommandsThe following commands are used to configure and monitor tracking of Radio Frequency Identifier (RFID)tags in the Cisco Mobility Express network.
Added in ReleaseDescriptionCommand
8.8.100.0To add or delete custom CCXmulticast addresses for RFIDtag tracking.
The addresses that can beconfigured include 0x01,0x40, 0x96, 0x00, and0x03.
config rfid ccx
8.8.100.0To configure the RFIDmessage rate limit over acycle of processing.
config rfid rate-limit
8.8.100.0To enable or disable RFID tagdata collection.
config rfid status {enable |disable}
8.8.100.0To configure the RFID tagdata timeout.
config rfid timeout
8.8.100.0To display the summary ofRFID tags that are clients.
show rfid client
8.8.100.0To display the configurationoptions for RFID tag tracking.
show rfid config
8.8.100.0To display detailedinformation for a specifiedRFID tag.
show rfid detail
8.8.100.0To display summaryinformation for all knownRFID tags.
show rfid summary
Mobility Express Controller Commands21
Mobility Express Controller CommandsRFID Commands
TLS Gateway CommandsThe following commands are used while configuring a secure TLS tunnel to enable the CiscoMobility Expresscontroller to communicate with the TLS gateway.
Table 2: TLS Secure Tunnel Gateway Commands
Command HistoryDescriptionCommand
Introduced in 8.6.101.0Configures the TLS secure tunnelgateway parameters: gatewayFQDN, gateway IP Address, andgateway port.
config secure-tunnelgateway{fqdn||ip-address||ip-address}
Introduced in 8.6.101.0Configures secure tunnel PSKcipher parameters.
config secure-tunnelpsk{identity||key}
Introduced in 8.6.101.0Configures secure tunnelapplication support.
config secure-tunnelapplication{snmptraps||radius}enable||disable
Introduced in 8.6.101.0Configures the secure tunnelnetwork.
config secure-tunnelnetwork{snmptraps||radius}enable||disable
Introduced in 8.6.101.0Configures secure tunnel support.config secure-tunnelenable||disable
Introduced in 8.6.101.0Displays the summary of the securetunnel configuration and the securetunnel runtime information.
show secure-tunnel summary
Introduced in 8.6.101.0Displays the details of the securetunnel configured networks,runtime information, Cloud DNSservers, secure tunnel routes and soon.
show secure-tunnel detail
Introduced in 8.6.101.0Displays the secure tunnel statistics.show secure-tunnel statistics
Introduced in 8.6.101.0Displays the debug information ofthe secure tunnel.
show secure-tunnel debug-info
Mobility Express Controller Commands22
Mobility Express Controller CommandsTLS Gateway Commands
VRRP CommandsThe following Virtual Router Redundancy Protocol (VRRP) commands are used during the Mobility Expresscontroller failover and for the master AP.
Added in ReleaseDescriptionCommand
8.1.122.0To configure the master APthat has been elected to takeover as the new master AP
config apnext-preferred-master
8.1.122.0To display the status of themaster AP
show ap next-preferred-master
8.1.122.0To clear the configuration ofthe master AP
clear ap next-preferred-master
8.8.100.0To display the VRID.show mob-exp vrrp vrid
8.8.100.0To display the VRRP MACshow mob-exp vrrp mac
8.8.100.0To configure a new VRID.The range for new_vrid is 1 to255 where the default is 1.
config mob-exp vridnew_vrid
Mobility Express Controller Commands23
Mobility Express Controller CommandsVRRP Commands
WLAN Security CommandsAdded in ReleaseDescriptionCommand
8.2.100.1To enable or disable CCKMconfig wlan security wpa akmcckm {enable | disable}wlan_id
Mobility Express Controller Commands24
Mobility Express Controller CommandsWLAN Security Commands