Cisco Aironet AP IOS

Prompt types

! unelevated prompt
ap> enable
Password:
! elevated prompt
ap# configure terminal
! config mode
ap(config)#

Recommended Base Actions

ap# configure terminal

! enable encryption on both radios and enable the interfaces
ap(config)# interface dot11Radio 0
ap(config-if)# encryption mode ciphers aes-ccm
ap(config-if)# no shutdown
ap(config-if)# exit
ap(config)# interface dot11Radio 1
ap(config-if)# encryption mode ciphers aes-ccm
ap(config-if)# no shutdown
ap(config-if)# exit

! enable https access
ap(config)# ip http secure-server
! enable ssh access
??????
! disable http access
ap(config)# no ip http server

! set Cisco user as read-write admin and change password
ap(config)# username Cisco privilege 15 password <password>

ap(config)# exit
ap# write memory
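
Enable SSH (added example, not part of the original notes; it assumes an autonomous Aironet IOS image with crypto support, and <domain>, <admin user> and <password> are placeholders). It covers the SSH step left open above, restricts the terminal lines to SSH, and stores the admin password hashed:

```cisco
ap# configure terminal

! a domain name must be set before the RSA host key can be generated
ap(config)# ip domain-name <domain>
! generating the host key is what turns the SSH server on
ap(config)# crypto key generate rsa general-keys modulus 2048

! accept SSH protocol version 2 only
ap(config)# ip ssh version 2
! close unauthenticated sessions after 60 s, allow 3 password attempts
ap(config)# ip ssh time-out 60
ap(config)# ip ssh authentication-retries 3

! allow only SSH (no telnet) on the remote terminal lines
! repeat for any further vty ranges listed in the running config
ap(config)# line vty 0 4
ap(config-line)# transport input ssh
ap(config-line)# exit

! "secret" stores the password hashed; "password" keeps it in clear
! or reversibly encoded form in the config
ap(config)# username <admin user> privilege 15 secret <password>

ap(config)# exit
! confirm the server is enabled and which version it offers
ap# show ip ssh
ap# write memory
```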

Create SSID:

ap# configure terminal
ap(config)# dot11 ssid <ssid name>

! assign SSID to VLAN
ap(config-ssid)# vlan <vlan-id>

! set authentication to wpa2
ap(config-ssid)# authentication open
ap(config-ssid)# authentication key-management wpa version 2

! set wpa passphrase
ap(config-ssid)# wpa-psk ascii <passphrase>

! make ssid visible
ap(config-ssid)# guest-mode
ap(config-ssid)# exit

! assign ssid to interface
ap(config)# interface dot11Radio <radio no.>
! 0=2.4GHz, 1=5GHz

! enable encryption required for WPA
ap(config-if)# encryption [vlan <vlan-id>] mode ciphers aes-ccm
ap(config-if)# ssid <ssid name>

! enable radio interface
ap(config-if)# no shutdown
ap(config-if)# exit

Delete SSID:

ap# configure terminal
ap(config)# no dot11 ssid <ssid name>

List SSIDs:

ap# show dot11 bssid

List Associations:

ap# show dot11 associations

Create VLAN:

ap# configure terminal
ap(config)# interface GigabitEthernet 0.<vlan id>
ap(config-if)# encapsulation dot1Q <vlan id>
ap(config-if)# bridge-group <vlan id>
ap(config-if)# exit
ap(config)# dot11 vlan-name <name> vlan <vlan id>

Set management IP:

! this will be on the untagged vlan
ap# configure terminal
ap(config)# interface bvi1
ap(config-if)# ip address <address> <mask>

View vlans:

ap# show vlans

Save changes:

ap# write memory
! or
ap# copy running-config startup-config

Update firmware:

ap# archive download-sw /overwrite /reload tftp://location/image-name

Backup config:

ap# copy running-config tftp://location/config-name
! or
ap# write network tftp://location/config-name

Useful:

! disable paging
ap# terminal length 0

! print saved config to terminal
ap# show configuration
! print running config to terminal
ap# show running-config
! load new config
ap# copy tftp://location/config-name system:running-config

! enable https access
ap(config)# ip http secure-server
! disable http access
ap(config)# no ip http server

WPA2 Enterprise setup

Mac tftp setup

sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist
# start tftp server
sudo launchctl start com.apple.tftpd
# set permissions on all files
sudo chmod 777 /private/tftpboot
sudo chmod 777 /private/tftpboot/*
# to write a file create an empty file first
sudo touch /private/tftpboot/running-config
sudo chmod 777 /private/tftpboot/running-config

Cisco SG300 CLI

Setup vlans:

sg300# configure terminal

! create vlan
sg300(config)# vlan database
sg300(config-vlan)# vlan <vlan id>

! set default vlan
sg300(config-vlan)# default-vlan vlan <vlan id>
sg300(config-vlan)# exit

! set vlan name
sg300(config)# interface vlan <vlan id>
sg300(config-if)# name <vlan name>

! set vlan ip address (layer 3)
sg300(config-if)# ip address <A.B.C.D|dhcp>
sg300(config-if)# exit

Assign vlans to ports:

sg300# configure terminal
sg300(config)# interface <range ge<interface range>|ge<1-20>>

! set port description
sg300(config-if)# description <text>

! set port to access mode
sg300(config-if)# switchport mode access
sg300(config-if)# switchport access vlan <vlan id>

! set port to trunk mode
sg300(config-if)# switchport mode trunk
! set untagged vlan
sg300(config-if)# switchport trunk native vlan <vlan id>
sg300(config-if)# switchport trunk allowed vlan add <vlan ids>

Set switch mode:

! enter layer 3 mode (erases config)
sg300# set system mode router
! enter layer 2 mode (erases config)
sg300# set system mode switch

Backup config:

sg300# copy running-config tftp://location/config-name

Upload config:

sg300# copy tftp://location/config-name running-config

Update firmware:

sg300# copy tftp://location/image-name image
! make the uploaded firmware active on next boot
sg300# boot system image-<1|2>

! update boot code
sg300# copy tftp://location/boot-name boot

View vlans:

! list configured vlans
sg300# show vlan
! view port and vlan configuration on port
sg300# show interfaces switchport ge<1-20>

Set management ip (layer 2):

sg300# configure terminal
sg300(config)# interface vlan <vlan id>
sg300(config-if)# ip address <ip> <mask>

Set management ip (layer 3):

! on interface/vlan
sg300# configure terminal
sg300(config)# interface <vlan <vlan id>|ge<1-20>>
sg300(config-if)# ip address <A.B.C.D|dhcp>

Save changes:

sg300# write memory
! or
sg300# copy running-config startup-config

Set boot image:

sg300# boot system image-<1|2>

Useful:

! list interface descriptions
sg300# show interfaces description
! view if https is active
sg300# show ip https
! terminal info
sg300# show line
! show image information, including version and active image
sg300# show bootvar
! print config to terminal
sg300# show running-config
! system info, including uptime, hostname & MAC address
sg300# show system
! disable terminal paging
sg300# terminal datadump
! renew dhcp lease
sg300# renew

! set hostname
sg300(config)# hostname <name>
! enable/disable HTTPS
sg300(config)# [no] ip http secure-server
! enable/disable SSH server
sg300(config)# [no] ip ssh server
! add static route (layer 3)
sg300(config)# ip route <prefix> <mask> <next hop>
! turn off front-panel LEDs
sg300(config)# disable ports leds

! set control cable crossover to automatic
sg300(config-if)# mdix auto
! disable all STP on port
sg300(config-if)# spanning-tree disable