Here's a list of some of the CLI scripts I often use to save some time or perform common tasks
(In these you'll see that the confidential info has been removed or replaced, so you'll need to make a few adjustments to make each of them work for you.)
(In these you'll see that the confidential info has been removed or replaced, so you'll need to make a few adjustments to make each of them work for you.)
Convert Autonomous AP to LWAPP or vise-versa
en
Cisco debug capwap console cli <-- needed on some older LWAP's ! IOS to LWAPP: archive download-sw /force /over tftp://10.0.0.1/c1140-rcvk9w8-tar.124-21a.JA2.tar LWAPP to IOS: archive download-sw /force /over tftp://10.11.121.101/c1140-k9w7-tar.124-21a.JA1.tar In both of the commands above, you need to point to the IP of your TFTP server and image to download. The LWAPP to IOS can also be done with several other AP's as long as you have the correct rcvk9w8-tar file for that model. If you need to do a complete factory default and convert from LWAPP to Autonomous at the same time:
Default login on most Cisco AP's is: Cisco / Cisco To prime or statically assign controller IP onto Lightweight AP from the AP CLI
capwap ap controller ip address X.X.X.X
This will force your Lightweight AP to join a particular controller. This is especially useful if you cannot resolve the CISCO-CAPWAP-CONTROLLER.localdomain name, and if it has never joined a controller before. Also useful when you want to ensure it joins a particular controller and not a different one. To assign an AP to a specific controller (primary, secondary, tertiary) from the WLC command line.
This is especially helpful when needing to do a large number of them. I'll post a tutorial with the whole process of gracefully roaming AP's back and forth in the near future. config ap primary-base WLC01 APCONF-1 10.1.1.1 config ap secondary-base WLC02 APCONF-1 10.1.1.2 Manually set the channel of an AP on the WLC CLI
CONFIG 802.11B CHANNEL AP APCONF-1 global Manually set the Tx power of an AP on the WLC CLI
CONFIG 802.11B TXPOWER AP APCONF-1 global Quickly copy a config file that has been edited, back onto an Autonomous AP, and then perform a reboot
copy tftp flash 10.1.1.101 NEW_EDITED_CONFIG.txt config.txt y ! reload y ! WLC command to view SFP type, SN, and supportability
debug fastpath cfgtool –dump.sfp Some other commonly used WLC CLI commands
config interface address management {ip address} {netmask} {gateway} config redundancy mode {SSO | disabled} Show interfaces summary Show port summary Show redundancy summary Show interfaces detailed management Show udi Enable Prime GUI / Web login Although user accounts can be created via CLI on Prime Infrastructure when first setting the device up, they cannot be used to log in to the Web interface. Rather than trying to configure them from the config prompt like: Lab-Prime/admin(config)# username admin password plain Password123 role admin email [email protected] Instead, configure the root username and password from the regular prompt using the "ncs" command: Lab-Prime/admin# ncs password root password Password123# Now, login to the Web GUI and create additional accounts for mgmt login and other users and assign them to the appropriate roles |
Show Config Differences in Cisco IOS
show archive config differences system:running-config nvram:startup-config Simple and Quick Tcl Script to Ping Multiple Devices
tclsh foreach ip { 192.168.12.1 192.168.12.2 192.168.23.2 192.168.23.3 192.168.34.3 192.168.34.4 192.168.45.4 192.168.45.5 192.168.56.5 192.168.56.6 192.168.67.6 192.168.67.7 } { ping $ip } exit Obviously, you will need to change the IP addresses to the devices you want to ping. I used 192.168.x.x in this example. Switch Basic Config
(works in routers too... you'll just get a couple errors) This allows me to setup a brand new or erased switch in a matter of seconds and not have to remember all the basics that I always put into all my switches. Definitely one of my most-used scripts. service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone service password-encryption ! logging buffered 16384 informational ! clock timezone MST -7 clock summer-time MDT recurring system mtu routing 1500 vtp mode transparent ip subnet-zero no ip domain-lookup ! hostname ######## ! enable secret **PASSWORD_GOES_HERE** username administrator privilege 15 secret **PASSWORD_GOES_HERE** ! spanning-tree mode rapid-pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! vlan ##### name ###### exit ! Interface vlan ##### ip helper-address ##### ! snmp-server community **PUBLIC_SNMP_HERE** RO snmp-server community **PRIVATE_SNMP_HERE** RW ! line con 0 exec-timeout 30 0 privilege level 15 password **PASSWORD_GOES_HERE** login local logging synch line vty 0 4 session-timeout 30 privilege level 15 password **PASSWORD_GOES_HERE** login local logging synch line vty 5 15 session-timeout 30 privilege level 15 password **PASSWORD_GOES_HERE** login local logging synch ! ntp server 10.0.0.1 ! end Setup NBAR on router for basic traffic analysis
NBAR script (under specific interface) ip nbar protocol-discovery Alias command to show Top-10 protocols alias exec traffic sho ip nbar prot stats bit-ra top-n 10 Setup NetFlow for traffic analysis & Top-10 talkers
NetFlow script (under specific interface) ip flow ingress ip flow egress NetFlow script (global) ip flow-cache entries 1024 ip flow-cache timeout inactive 300 ip flow-export destination 10.1.1.101 ip flow-top-talkers top 30 sort-by bytes cache-timeout 180000 |