Cisco Wireless : FlexConnect Debug Commands


Today I am going to talk about some of the commands used for debugging and troubleshooting in a wireless FlexConnect scenario.


WLAN-VLAN mapping
Debug Commands on AP
debug capwap flexconnect save
debug capwap flexconnect wlan-vlan
debug capwap flexconnect

Advanced 
debug capwap cli cli -- Prints the commands executed on the AP to create sub-interfaces

Debug commands on controller
debug flexconnect wlan-vlan

Fig 1.1 - Sample Topology FlexConnect Mode

Show command at AP
sh capwap reap saved -- Shows the saved config from flash
sh capwap reap assoc

Show command at controller
sh ap config general <AP_name>

VLAN-ACL mapping, FlexConnect ACLs
Debug command on AP
debug ip access-list internal

Show command on controller
show flexconnect acl summary
show flexconnect acl detail <acl>
show ap config general <AP name>

Show command on AP
sh run | b inter gig0.x -- for checking ACL on the interface

Debug command on AP
(the vty timeout settings at the start are to avoid an SSH timeout)
debug capwap console cli
config t
line vty 0 4
exec-timeout 0
session-timeout 0
term len 0
term mon
debug capwap flexconnect
debug capwap flexconnect mgmt
debug capwap client config
debug capwap client mgmt
debug capwap client payload (if this adds a lot of traffic, please disable it)
debug dot11 mgmt station
debug dot11 mgmt state-machine
debug dot11 mgmt state
debug dot11 mgmt interface
debug dot11 mgmt msg
debug dot11 station connection failure
debug dot11 mgmt flexconnect 11w
debug dot11 ft
debug capwap flexconnect dot11r
debug dot11 wpa-cckm-km-dot1x

Radio debug:
debug dot11 d0/d1 monitor address <Client mac>
debug dot11 d0/d1 tr pr xmt rcv clients keys ...
(OR) debug dot11 d1 trace print clients mgmt keys rxev txev rcv xmt txfail ba
u all -- To stop debug.

Debug Command on COS AP

WCP Debugs:
debug dot11 client level events addr <mac>
debug dot11 client level errors addr <mac>
debug dot11 client level critical addr <mac>
debug dot11 client level info addr <mac> -- Info gives additional detail, but may only be needed for in-depth debugging

Client Datapath:
debug dot11 client datapath eapol addr <mac>
debug dot11 client datapath dhcp addr <mac>
debug dot11 client datapath arp addr <mac>

Client AP traces:
config ap client-trace address add <mac>
config ap client-trace output console-log enable
config ap client-trace filter all enable
config ap client-trace filter probe disable
config ap client-trace start
term mon
exec-timeout 0 0
config ap client-trace stop -- To stop debug.

Debug command on Controller
debug client <mac of client>
debug aaa events enable
debug ft events enable
debug flexconnect aid enable
debug flexconnect pmk enable
config session-timeout 0 -- to disable timeout on WLC debugs

Show command on AP
sh bridge
sh bridge verbose

Local Authentication/Fast Roam at AP issues
Debug command on AP

In addition to the debugs for the client join issue, the following should be enabled:

debug dot11 aaa authenticator
deb dot11 aaa dispatcher
deb dot11 aaa manager all
debug aaa authentication


Debug command on Controller
debug client <mac of client>
debug flexconnect pmk enable

Fault Tolerance (Radio reset/Client Deauth)
Debug command on AP
debug dot11 mgmt flexconnect
debug capwap flexconnect fault-tolerance
debug dot11 mgmt flexconnect fault-tolerance
debug dot11 events (advanced)

Debug command on Controller

debug flexconnect fault-tol