Wireless: Controller configuration using CLI

Configuring WLC using web interface is really easy, however there may be times you are forced to use CLI to get the job done, times like you have an outdated version of Java and you are in an environment that has no public network access, times like your IE simply cannot open and you do not have alternative and you are in an environment without public network access.

Startup script

Startup script will start if no configuration file is found.

System Name [Cisco_f2:39:e0] (31 characters max):

Enter Administrative User Name (24 characters max): cisco

Enter Administrative Password (24 characters max): *****

Re-enter Administrative Password                 : *****

Management Interface IP Address:

Management Interface Netmask:

Management Interface Default Router:

Management Interface VLAN Identifier (0 = untagged): 10

Management Interface Port Num [1 to 8]: 1

Management Interface DHCP Server IP Address:

AP Manager Interface IP Address:

AP-Manager is on Management subnet, using same values

AP Manager Interface DHCP Server (

Virtual Gateway IP Address:

Mobility/RF Group Name: test-group

Network Name (SSID): openaccess

Allow Static IP Addresses [YES][no]:

Configure a RADIUS Server now? [YES][no]: no

Warning! The default WLAN security policy requires a RADIUS server.

Please see documentation for more details.

Enter Country Code list (enter ‘help’ for a list of countries) [US]: sg

Global Public Safety State: Already configured, Configuring Local States…

Enable 802.11b Network [YES][no]:

Enable 802.11a Network [YES][no]:

Enable 802.11g Network [YES][no]:

Enable Auto-RF [YES][no]:

Configure a NTP server now? [YES][no]:

Enter the NTP server’s IP address:

Enter a polling interval between 3600 and 604800 secs: 3600

Configuration correct? If yes, system will save it and reset. [yes][NO]: yes

Configuration saved!

Resetting system with new configuration…

Configure dynamic interface

(Cisco Controller) >config interface create user-99 99

(config interface create <name of the dynamic interface> <vlan-id>)

(Cisco Controller) >config interface address dynamic-interface user-99

(config interface address dynamic-interface <dynamic interface name> <dynamic interface ip address> <netmask> <gateway>)

(Cisco Controller) >config interface vlan user-99 99

(config interface vlan <dynamic interface name> <vlan-id>

(Cisco Controller) >config interface dhcp dynamic-interface user-99 primary

(config interface dhcp dynamic-interface <dynamic interface name> <primary/option 82> <dhcp ip address> <secondary>)

(Cisco Controller) >config interface port user-99 1

(config interface port <dynamic interface name> <physical port id>)

Screenshots are presented here for comparison between web GUI and CLI.

Configure WLAN

(Cisco Controller) >config wlan create 2 user-99 user-99

(config wlan create <wlan id> <wlan profile name> <wlan ssid>)

Note: Do not care about the discrepancy between the web gui and cli, the main motive is to relate the command line with the graphic user interface.

(Cisco Controller) >config wlan interface 2 user-99

(config wlan interface <WLAN id> <static/dynamic interface name>)

(Cisco Controller) >config wlan enable 2

(config wlan enable <wlan id>/ all)

(Cisco Controller) >config wlan security wpa enable 2

Request failed – WLAN 2 is enabled. Disable WLAN to configure.

(Cisco Controller) >config wlan disable 2

(Cisco Controller) >config wlan security wpa enable 2

(config wlan security wpa enable <wlan id>)

(Cisco Controller) >config wlan security wpa wpa2 ciphers aes enable 2

(config wlan security wpa wpa2 ciphers <aes or tkip> enable <wlan id>)

(Cisco Controller) >config wlan security wpa akm psk set-key ascii cisco123 2

(config wlan security wpa akm psk set-key <ascii/hex> <psk key value> <wlan id>)

(Cisco Controller) >config wlan security wpa akm psk enable 2

(config wlan security wpa akm psk enable <wlan id>)

Configure H-REAP

(Cisco Controller) >config wlan h-reap local-switching 2 enable

(config wlan h-reap <local-switching or learned ip address, but local-switching must turn on first> <wlan id> enable)

(Cisco Controller) >config wlan h-reap learn-ipaddr 2 enable

WLAN already in the requested state.

(Cisco Controller) >show ap summary

(Cisco Controller) >show ap summary

Number of APs……………………………… 2

Global AP User Name………………………… Not Configured
Global AP Dot1x User Name…………………… Not Configured

AP Name             Slots  AP Model             Ethernet MAC       Location          Port  Country  Priority
——————  —–  ——————-  —————–  —————-  —-  ——-  ——
AP0024.c4a2.a19a     2     AIR-LAP1242AG-E-K9   00:24:c4:a2:a1:9a  default location  1     SG       1
AP0024.c4a2.a0c0     2     AIR-LAP1242AG-E-K9   00:24:c4:a2:a0:c0  default location  1     SG       1

(Cisco Controller) >config ap mode h-reap AP0024.c4a2.a19a

Changing the AP’s mode will cause the AP to reboot.
Are you sure you want to continue? (y/n) n

Mode not changed!

Change AP name to better identify which AP is which

(Cisco Controller) >config ap name LAP2 AP0024.c4a2.a19a

(config ap name <new AP host name> <old AP host name>)


Enable 802.11g support

(Cisco Controller) >config 802.11b 11gsupport enable

Enabling this will cause your AP to reboot.



One thought on “Wireless: Controller configuration using CLI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s