Wireless Commands

passphrase

To set a Wi-Fi protected access (WPA) pass phrase, use the passphrase command in wireless lan profile configuration mode. To remove a pass phrase, use the no form on this command.

passphrase pass-phrase

no passphrase

Syntax Description

pass-phrase

Specifies a pass phrase to access a wireless network.

Command Default

There are no default values.

Command Modes

Wireless LAN profile configuration (config-wlan-profile)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.6.1a

Command qualified for use in Cisco vManage CLI templates.

In the following example, you set a pass phrase as part of wireless configuration.

Device(config)# wlan-profile wl
Device(config-wlan-profile)# passphrase 0 Pass-Phrase-Sample123#

data-security

To configure the Wi-Fi protected access (WPA) and WPA2 data protection and network access control to use for an IEEE 802.11i wireless LAN, use the data-security command in wireless lan profile configuration mode. To remove security, use the no form of this command.

WPA authenticates individual users on the WLAN using a username and password. WPA uses the Temporal Key Integrity Protocol (TKIP), which is based on the RC4 cipher.

WPA2 implements the NIST FIPS 140-2–compliant AES encryption algorithm along with IEEE 802.1X-based authentication, to enhance user access security over WPA. WPA2 uses the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on the AES cipher.

Authentication is done either using preshared keys and through RADIUS authentication

data-security security

no data-security

Syntax Description

security

Data Security Method:

Security method to apply to wireless LAN network data. It can be one of the following:

  • none—No security is applied to the WLAN data. This is the default.

  • wpa-enterprise—Also called WPA-802.1X mode. Enable WPA security in conjunction with a RADIUS authentication server. Configure the RADIUS server to use with the radius-servers command.

  • wpa-personal—Also called WPA-PSK (preshared key) mode. Enable WPA security where each user enters a username and password to connect to the WLAN. Each wireless network device encrypts network traffic using a 256-bit key. Configure the password with the wpa-personal-key command.

  • wpa/wpa2-enterprise—Enable both WPA and WPA2 security in conjunction with a RADIUS authentication server. Configure the RADIUS server to use with the radius-servers command.

  • wpa/wpa2-personal—Enable both WPA and WPA2 security using only a username and password for authentication. Configure the password with the wpa-personal-key command.

  • wpa2-enterprise—Enable WPA2 security in conjunction with a RADIUS authentication server. Configure the RADIUS server to use with the radius-servers command.

  • wpa2-personal—Enable WPA2 security using only a username and password for authentication. Configure the password with the wpa-personal-key command.

Command Default

There are no default values.

Command Modes

Wireless LAN profile configuration (config-wlan-profile)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.6.1a

Command qualified for use in Cisco vManage CLI templates.

In the following example, you a configure a security type.:

Device(config)# wlan-profile-sample-1
Device(config-wlan-profile)# vlan-id 100
Device(config-wlan-profile)# ssid sample-ssid-1
Device(config-wlan -profile)# data-security personal

qos-type

To assign a Quality of Service (QoS) profile to a WLAN, use the qos-type command in wireless lan profile configuration mode. To remove a qos type, use the no form of this command.

qos-type profile-type

no qos-type

Syntax Description

profile-type

Specifies a QOS profile type.

Command Default

There are no default values.

Command Modes

Wireless LAN profile configuration (config-wlan-profile)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.6.1a

Command qualified for use in Cisco vManage CLI templates.

In the following example, you assign a QOS profile to a WLAN.

Device(config)# wlan-profile-sample-1
Device(config-wlan-profile)# vlan-id 100
Device(config-wlan-profile)# ssid sample-ssid-1
Device(config-wlan -profile)# qos-type silver

radio-profile

To specify the radio channel, use the radio-profile command in global configuration mode. To remove the radio channel, use the no form of this command

radio-profile channel

no radio-profile

Syntax Description

channel

Specifies a radio channel. Choose 5Ghz or 24Ghz.

Command Default

There are no default values.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.6.1a

Command qualified for use in Cisco vManage CLI templates.

In the following example, you configure a 5-GHz channel and a 24-GHz channel:

Device(config)# radio-profile 5ghz
Device(config)# radio-profile 24ghz

ssid

To configure the service set identifier (SSID) for a WLAN, use the ssid command in wireless lan profile configuration mode. To remove an ssid, use the no form of this command.

Each SSID is called a virtual access point (VAP) interface. To a client, each VAP interfaces appears as a different access point (AP) with its own SSID. To provide access to different networks, assign each VAP to a different VLAN.

ssid ssid-name

no ssid

Syntax Description

ssid-name

Specify a SSID name for the WLAN.

Command Default

There are no default values.

Command Modes

Wireless LAN profile configuration (config-wlan-profile)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.6.1a

Command qualified for use in Cisco vManage CLI templates.

In the following example, you a configure a ssid for a wireless lan:

Device(config)# wlan-profile wl
Device(config-wlan-profile)# ssid dev

wireless-lan country

To configure the wireless LAN controller's country code, use the wireless-lan country command in global configuration mode.

wireless-lan country country code

Syntax Description

country code

Specifies a two-letter or three-letter country code.

Command Default

There are no default values.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.6.1a

Command qualified for use in Cisco vManage CLI templates.

In the following example, you assign a country code to the wireless LAN controller.

Device(config)# wireless-lan country US

wireless-lan mgmt

To configure details for the wireless connection on the wireless LAN controller, use the wireless-lan mgmt command in global configuration mode. To remove a wireless connection, use the no form of this command.

wireless-lan mgmt { credential | { username username | password password } | ip | { address | ipv4 address } }

no wireless-lan mgmt

Syntax Description

username

Specifies the user name for the wireless LAN controller.
password

Specifies the password for the wireless LAN controller.
ipv4 address

Specifies the ip address for the wireless LAN controller.

Command Default

There are no default values.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.6.1a

Command qualified for use in Cisco vManage CLI templates.

In the following example, you configure details for the wireless connection on the wireless LAN controller.

Device(config)# wireless-lan mgmt ip address 10.10.1.100 255.255.0.0 default-gateway
192.168.1.1
Device(config)# wireless-lan mgmt credential username admin password 0 sRe32dfst#asd

wlan-profile

To configure a wireless lan profile, use the wlan-profile command in global configuration mode. To remove a wireless lan profile, use the no form of this command.

wlan-profile profile-name

no wlan-profile

Syntax Description

profile-name

Specify a profile name used to identify the wireless profile.

Command Default

There are no default values.

Command Modes

Global configuration (config)

Command History

Release Modification

Cisco IOS XE Catalyst SD-WAN Release 17.6.1a

Command qualified for use in Cisco vManage CLI templates.

In the following example, you configure a wireless lan profile:

Device(config)# wlan-profile wl