service

Service commands are used to view and manage configurations. The service commands and their corresponding parameters vary from mode to mode. The User Exec mode and Priv Exec mode commands provide same functionalities with a few minor changes. The Global Config service command sets the size of history files. It also enables viewing the current mode's CLI tree.

Supported in the following platforms:

Syntax (User Exec Mode)

Service Commands - Intro

service [block-adopter-config-update|clear|cli-tables-skin|cluster|database|
delete-offline-aps|force-send-config|force-update-vm-stats|guest-registration|load-balancing|
load-ssh-authorized-keys|locator|radio|radius|request-full-config-from-adopter|set|show|smart-rf|
ssm|snmp|snmpv3|syslog|wireless]
service [block-adopter-config-update|request-full-config-from-adopter]
service clear [adoption|captive-portal-page-upload|command-history|device-upgrade|
diag|dpi|file-sync|noc|reboot-history|unsanctioned|upgrade-history|virtual-machine-history|
web-filter|wireless|xpath]
service clear adoption history {on <DEVICE-NAME>}
service clear device-upgrade history {on <DOMAIN-NAME>}
service clear dpi [all|app|app-category] stats {on <DEVICE-OR-DOMAIN-NAME>}
service clear diag pkts
service clear file-sync history {on <DOMAIN-NAME>}
service clear captive-portal-page-upload history {on <DOMAIN-NAME>}
service clear [command-history|reboot-history|upgrade-history|virtual-machine-history] 
{on <DEVICE-NAME>}
service clear noc statistics
service clear unsanctioned aps {on <DEVICE-OR-DOMAIN-NAME>}
service clear web-filter cache {on <DEVICE-NAME>}
service clear wireless [ap|client|controller-mobility-database|dns-cache|radio|wlan]
service clear wireless controller-mobility-database
service clear wireless [ap|client|controller-mobility-database|dns-cache|radio|wlan]
service clear wireless controller-mobility-database
service clear wireless [ap|client] statistics {<MAC>} {(on <DEVICE-OR-DOMAIN-NAME>)}
service clear wireless dns-cache on {(on <DEVICE-OR-DOMAIN-NAME)}
service clear wireless radio statistics {<MAC/HOSTNAME>} {<1-3>}  
{(on <DEVICE-OR-DOMAIN-NAME>)}
service clear wireless wlan statistics {<WLAN-NAME>} {(on <DEVICE-OR-DOMAIN-NAME)}
service clear xpath requests {<1-100000>}
service cli-tables-skin [ansi|hashes|minimal|none|percent|stars|thick|thin|utf-8] 
{grid}
service cluster force [active|configured-state|standby]
service database [authentication|replica-set|start-shell]
service database authentication [create-user|delete-user]
service database authentication create-user username <USER-NAME> password <PASSWORD>
service database authentication delete-user username <USER-NAME>
service database replica-set force-configured-state
service database start-shell
service delete-offline-aps [all|offline-for]
service delete-offline-aps offline-for days <0-999> {time <TIME>}
service force-send-config {on <DEVICE-OR-DOMAIN-NAME>}
service force-update-vm-stats {on <DEVICE-NAME>}
service guest-registration [backup|delete|export|import]
service guest-registration backup [delete|restore]
service guest-registration delete [all|email <EMAIL-ADD>|group <RAD-GROUP-NAME>|
mac <MAC>|mobile <MOBILE-NUMBER>|name <CLIENT-FULL-NAME>|non-social|offline-for days <1-999>|
otp-incomplete-for days <1-999>|social [facebook|google]|wlan <WLAN-NAME>]
service guest-registration export format [csv|json] <DEST-URL> 
{(rfdomain <DOMAIN-NAME>|time [1-Day|1-Month|1-Week|2-Hours|30-Mins|5-Hours|all]|
wlan <WLAN-NAME>)}
service guest-registration import format <JSON> <SOURCE-URL>
service load-balancing clear-client-capability [<MAC>|all] {on <DEVICE-NAME>}
service load-ssh-authorized-keys <PUBLIC-KEY> {on <DEVICE-NAME>}
service locator {<1-60>} {(on <DEVICE-NAME>)}
service radio <1-3> [adaptivity|channel-switch|dfs]
service radio <1-3> adaptivity
service radio <1-3> channel-switch <36-196> [160|20|40|80]
service radio <1-3> dfs simulator-radar [extension|primary]
service radius test [<IP>|<HOSTNAME>] [<WORD>|<PORT>]
service radius test [<IP>|<HOSTNAME>] <WORD> <USERNAME> <PASSWORD> 
{wlan <WLAN-NAME> ssid <SSID>} {(on <DEVICE-NAME>)}
service radius test [<IP>|<HOSTNAME>] port <1024-65535> <WORD> <USERNAME> <PASSWORD> 
{wlan <WLAN-NAME> ssid <SSID>} {(on <DEVICE-NAME>)}
service set validation-mode [full|partial] {on <DEVICE-NAME>}
service show [block-adopter-config-update|captive-portal|cli|client-identity-defaults|
command-history|configuration-revision|crash-info|dhcp-lease|diag|fast-switching|fib|
fib6|guest-registration|info|ip-access-list|mac-vendor|mem|mint|noc|nsight|pm|process|
reboot-history|rf-domain-manager|sites|snmp|ssh-authorized-keys|startup-log|sysinfo|
top|upgrade-history|virtual-machine-history|watch-dog|wireless|xpath-history]
service show block-adopter-config-update
service show captive-portal [log-internal|servers|user-cache]
service show captive-portal log-internal
service show captive-portal [servers|user-cache] {on <DEVICE-NAME>}
service show [cli|client-identity-defaults|configuration-revision|mac-vendor <OUI/MAC>|
noc diag|snmp session|xpath-history]
service show [command-history|crash-info|info|mem|process|reboot-history|startup-log|
ssh-authorized-keys|sysinfo|top|upgrade-history|watchdog] {on <DEVICE-NAME>}
service show ip-access-list wlan <WLAN-NAME> status {detail} 
{on <DEVICE-OR-DOMAIN-NAME>}
service show dhcp-lease {<INTERFACE-NAME>|pppoe1|vlan <1-4094>|wwan1} 
(on <DEVICE-NAME>)}
service show diag [fds|led-status|pkts|psu|stats]
service show diag [fds|pkts]
service show diag [led-status|psu|stats] {on <DEVICE-NAME>}
service show fast-switching {on <DEVICE-NAME>}
service show [fib|fib6] {table-id <0-255>}
service show guest-registration [export-status|import-status|restore-status]
service show mint [adopted-devices {on <DEVICE-NAME>}|ports]
service show pm {history} {(on <DEVICE-NAME>)}
service show rf-domain-manager [diag|info] {<MAC/HOSTNAME>} 
{(on <DEVICE-OR-DOMAIN-NAME>)}
service show sites
service show virtual-machine-history {on <DEVICE-NAME>}
service show wireless [aaa-stats|adaptivity-status|client|config-internal|
credential-cache|dns-cache|log-internal|meshpoint|neighbors|radar-status|radio-internal|reference|
stats-client|vlan-usage]
service show wireless [aaa-stats|adaptivity-status|credential-cache|dns-cache|
radar-status|vlan-usage] {on <DEVICE-NAME>}
service show wireless [config-internal|log-internal|neighbors]
service show wireless [client|meshpoint neighbor] proc [info|stats] {<MAC>} 
{{on <DEVICE-OR-DOMAIN-NAME>)}
service show wireless radio-internal [radio1|radio2] <LINE>
service show wireless reference [channels|frame|handshake|mcs-rates|reason-codes|
status-codes]
service show wireless stats-client diag {<MAC/HOSTNAME>} 
{(on <DEVICE-OR-DOMAIN-NAME>)}
service smart-rf [clear-config|clear-history|clear-interfering-aps|save-config]
service smart-rf clear-config {<MAC>|<DEVICE-NAME>|on <DOMAIN-NAME>}
service smart-rf [clear-history||clear-interfering-aps|save-config] {on <DOMAIN-NAME>}
service ssm [dump-core-snapshot|trace]
service ssm trace pattern <WORD> {on <DEVICE-NAME>}
service syslog test {level [<0-7>|alerts|critical|debugging|emergencies|errors|
informational|notifications|warnings]} {(on <DEVICE-NAME>)}
service wireless [add-neighbor|client|coverage-hole-incident|dump-core-snapshot|
meshpoint|qos|trace|unsanctioned|wips]
service wireless add-neighbor <1-2> mac <MAC-ADDRESS> preference <0-255>
service wireless client [beacon-request|quiet-element|trigger-bss-transition|trigger-wnm]
service wireless client beacon-request <MAC> mode [active|passive|table] 
channel [<CHANNEL-NUMBER>|any] duration <1-255> ssid [<SSID>|any] channel-report [<CHANNEL-LIST>|none] 
bssid [<MAC>|any] randomization-interval <0-1000> {on <DEVICE-NAME>}
service wireless client trigger-bss-transition mac <MAC> {timeout <0-65535>} 
{url <URL>} {on <DEVICE-OR-DOMAIN-NAME>}
service wireless client trigger-wnm mac <MAC> type 
[deauth-imminent|subscription-remediation] {uri <WORD>}
service wireless dump-core-snapshot
service wireless meshpoint zl <MESHPOINT-NAME> [on <DEVICE-NAME>] 
{<ARGS>|timeout <1-65535>}
service wireless qos delete-tspec <MAC> tid <0-7>
service wireless trace pattern <WORD> {on <DEVICE-NAME>}
service wireless unsanctioned ap air-terminate <MAC> {on <DOMAIN-NAME>}
service wireless wips [clear-client-blacklist|clear-event-history|dump-managed-config]
service wireless wips clear-client-blacklist [all|mac <MAC>]
service wireless wips clear-event-history {on <DEVICE-OR-DOMAIN-NAME>}

Parameters (User Exec Mode)

Service Commands - Intro

service [block-adopter-config-update|request-full-config-from-adopter]
block-adopter-config- update Blocks the configuration updates pushed from the Network Operations Center (NOC) server to adopted devices
request-full-config-from- adopter Configures a request for full configuration updates from the adopter device

In an hierarchically managed (HM) network devices are deployed in two levels. The first level consists of the NOC controllers. The second level consists of the site controllers that can be grouped to form clusters. The NOC controllers adopt and manage the site controllers. Access points within the network are adopted and managed by the site controllers. The adopted devices (Access Points and site controllers) are referred to as the adoptee. The devices adopting the adoptee are the ‘adopters‘.

service clear adoption history {on <DEVICE-NAME>}
clear adoption history Clears adoption history on this device and its adopted Access Points
on <DEVICE-NAME> Optional. Clears adoption history on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service clear device-upgrade history {on <DOMAIN-NAME>}
clear device-upgrade history Clears device upgrade history
on <DOMAIN-NAME> Optional. Clears all firmware upgrade history on a specified RF Domain
  • <DOMAIN-NAME> – Specify the RF Domain name.
service clear diag pkts
clear diag pkts Clears the looped packets queue logged by the dataplane. The dataplane logs up to 16 looped packets at a time in a separate queue, which has to be manually cleared to make space for new packet logging.

For more information on viewing logged looped packet information execute the service > show > diag > pkts command.

service clear dpi [all|app|app-category] stats {on <DEVICE-OR-DOMAIN-NAME>}
clear dpi Clears Deep Packet Inspection (DPI) statistics

When enabled, DPI allows application and/or application category recognition. The DPI statistics are maintained by the system for every hit registered by the DPI engine.

[all|app|app-category] stats Use the following filter options to clear all or specific DPI statistics:
  • all – Clears all DPI related (application and app-category) statistics
  • app – Clears only application related statistics
  • app-category – Clears only app-category related statistics
on <DEVICE-OR-DOMAIN-NAME> Optional. Clears DPI statistics based on the parameters passed on a specified device or RF Domain
  • <DEVICE-OR-DOMAIN-NAME> – Specify the name of the access point, controller, service platform, or RF Domain.
service clear file-sync history {on <DOMAIN-NAME>}
clear file-sync history Clears client-bridge certificate synchronization statistics

When an access point is configured as a client bridge, the EAP-TLS X.509 (PKCS#12) certificate is synchronized between the staging-controller and adoptee client-bridge access points. This command allows you to clear client-bridge certificate synchronization statistics.

on <DOMAIN-NAME> Optional. Clears file synchronization history on all devices within a specified RF Domain
  • <DOMAIN-NAME> – Specify the RF Domain name.
service clear captive-portal-page-upload history {on <DOMAIN-NAME>}
clear captive-portal-page- upload-history Clears captive portal page upload history
on <DOMAIN-NAME> Optional. Clears captive portal page upload history on a specified RF Domain
  • <DOMAIN-NAME> – Specify the RF Domain name.
service clear [command-history|reboot-history|upgrade-history|virtual-machine-history] 
{on <DEVICE-NAME>}
clear [command-history| reboot-history| upgrade-history] Clears command history, reboot history, and/or device upgrade history
clear virtual-machine-history Clears virtual-machine history on the logged device or a specified device

This command is applicable only on the NX9500 and NX9600 series service platforms.

on <DEVICE-NAME> Optional. Clears history on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform
Note: When executing the clear virtual-machine-history command, provide the name of the service platform running the VMs.
service clear noc statistics
clear noc statistics Clears NOC applicable statistics counters
service clear unsanctioned aps {on <DEVICE-OR-DOMAIN-NAME>}
clear unsanctioned aps Clears the list of unsanctioned APs
on <DEVICE-OR-DOMAIN-NAME> Optional. Clears the list of unsanctioned APs on a specified device or RF Domain
  • <DEVICE-OR-DOMAIN-NAME> – Specify the name of the AP, wireless controller, service platform, or RF Domain.
service clear wireless [ap|client] {<MAC>} {(on <DEVICE-OR-DOMAIN-NAME>)}
clear wireless [ap|client] statistics Clears wireless statistics counters based on the parameters passed
  • ap statistics – Clears applicable AP statistics counters
  • client statistics – Clears applicable wireless client statistics counters
<MAC> {on <DEVICE-OR-DOMAIN-NAME>} The following keywords are common to the ‘ap' and ‘client' parameters:
  • <MAC> – Optional. Clears statistics counters for a specified AP or client. Specify the AP/client MAC address.
    • on <DEVICE-OR-DOMAIN-NAME> – Optional. Clears AP/client statistics counters on a specified device or RF Domain. Specify the name of the AP, wireless controller, service platform, or RF Domain.
service clear wireless controller-mobility-database
clear wireless controller-mobility- database Clears the controller assisted mobility database
service clear web-filter cache {on <DEVICE-NAME>}
clear web-filter cache Clears the cache used for Web filtering
on <DEVICE-NAME> Optional. Clears the Web filtering cache on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service clear wireless radio statistics {<MAC/HOSTNAME> {<1-3>}}  
{(on <DEVICE-OR-DOMAIN-NAME>)}
clear wireless radio statistics Clears applicable wireless radio statistics counters
<MAC/HOSTNAME> <1-3> Optional. Specify the MAC address or hostname of the radio, or append the interface number to form the radio ID in the AA-BB-CC-DD-EE-FF:RX or HOSTNAME:RX format.
  • <1-3> – Optional. Specify the radio interface index, if not specified as part of the radio ID.
on <DEVICE-OR-DOMAIN-NAME> Optional. This is a recursive parameter, which clears wireless radio statistics on a specified device or RF Domain.
  • <DEVICE-OR-DOMAIN-NAME> – Specify the name of the AP, wireless controller, service platform, or RF Domain.
service clear wireless wlan statistics {<WLAN-NAME>} {(on <DEVICE-OR-DOMAIN-NAME>)}
clear wireless wlan statistics Clears WLAN statistics counters
<WLAN-NAME> Optional. Clears statistics counters on a specified WLAN. Specify the WLAN name.
on <DEVICE-OR-DOMAIN-NAME> Optional. This is a recursive parameter, which clears WLAN statistics on a specified device or RF Domain.
  • <DEVICE-OR-DOMAIN-NAME> – Specify the name of the AP, wireless controller, service platform, or RF Domain.
service clear xpath requests {<1-100000>}
clear xpath Clears XPATH related information
requests Clears pending XPATH get requests
<1-100000>

Optional. Specifies the session number (cookie from show sessions)

  • <1-100000> – Specify the session number from 1 - 100000.
Note: Omits clearing the current session‘s pending XPATH get requests.
service cli-tables-skin [ansi|hashes|minimal|none|percent|stars|thick|thin|utf-8] 
{grid}
cli-tables-skin [ansi|hashes|minimal|none|percent|stars| thick| thin|uf-8] Selects a formatting layout or skin for CLI tabular outputs
  • ansi – Uses ANSI characters for borders
  • hashes – Uses hashes (#) for borders
  • minimal – Uses one horizontal line between title and data rows
  • none – Displays space separated items with no decoration
  • percent – Uses the percent sign (%) for borders
  • stars – Uses asterisks (*) for borders
  • thick – Uses thick lines for borders
  • thin – Uses thin lines for borders
  • utf-8 – Uses UTF-8 characters for borders
grid Optional. Uses a complete grid instead of just title lines
service cluster force [active|configured-state|standby]
cluster Enables cluster protocol management
force Forces action commands on a cluster (active, configured-state, and standby)
active Changes the cluster run status to active
configured-state Restores a cluster to the configured state
standby Changes the cluster run status to standby
service database authentication create-user username <USER-NAME> password <PASSWORD>
database Performs database related actions
authentication create-user username <USER-NAME> password <PASSWORD> Creates users having access rights to the database. Execute this command on the database host. However, before creating users, on the database, generate the database keyfile. For more information on generating the keyfile, see database (user/priv exec modes).
  • username <USER-NAME> – Configures database username
    • password <PASSWORD> – Configures a password for the username specified above

In the database-policy ensure that authentication is enabled and username and password is configured. The database-client-policy also should have the same username and password configured. For more information on database-policy and database-client-policy, see database-policy global config and database-client-policy global-config.

service database authentication delete-user username <USER-NAME>
database Performs database related actions

This command is supported only on the NX9500, NX9600, and VX9000 platforms.

database authentication delete-user username <USER-NAME> Deletes the username requires to access rights the captive-portal/NSight database
  • username <USER-NAME> – Deletes the username identified by the <USER-NAME> keyword

Once deleted, the database cannot be accessed using the specified combination of username and password.

service database start-shell
database Performs database related actions

This command is supported only on the NX9500, NX9600, and VX9000 platforms.

start-shell Starts the database shell
service delete-offline-aps all
delete-offline-aps all Deletes all off-line Access Points
service delete-offline-aps offline-for days <0-999> {time <TIME>}
delete-offline-aps Deletes Access Points that have been off-line for a specified number of days and time period
day <0-999> Specifies the number of days an Access Point stays off-line to be deleted
  • <0-999> – Specify the number of off-line days from 0 - 999.
time <TIME> Optional. Specifies the off-line time period. Access Points off-line for this period of time are deleted.
  • <TIME> – Specify the time in HH:MM:SS format.
service eguest remove-data [deleted-devices|offline-for days <0-999> {time <HH:MM:SS>}]
service eguest Enables ExtremeGuest server data maintenance
remove-data Removes offline and/or deleted devices from the ExtremeGuest server database
Note: When enabled, the device configuration and database collection is removed permanently.
Note: If a controller is removed, then its adopted APs are also removed,
deleted-devices Removes deleted devices
offline-for days <0-999> {time <HH:MM:SS>} Removes offline devices from the ExtremeGuest server database. Offline devices are devices that have not been reporting to the ExtremeGuest server for a specified number of days. Use this option to configure that threshold value. Devices that have not reported to the ExtremeGuest server for the number of days specified here are considered to be offline and removed.
  • days <0-999> – Specify the threshold, in days, from 0 - 999.
    • time <HH:MM:SS> – Option. In addition to the number of days, you can also specify the time in hours, minutes, and seconds. If specified, a device is removed if it has not reported to the server for the specified number of days and time.
service eguest restore factory-default
eguest Enables ExtremeGuest server data maintenance
restore factory-default Reinitializes the ExtremeGuest server to factory-default settings. Use this option to stop the ExtremeGuest server and database.
Note: Extreme caution is recommended, as this command deletes data related to ExtremeGuest server and database. Debug log files are also deleted.
service force-send-config {on <DEVICE-OR-DOMAIN-NAME>}
force-send-config Resends configuration to device(s)
on <DEVICE-OR-DOMAIN-NAME> Optional. Resends configuration to a specified device or all devices in a specified RF Domain
  • <DEVICE-OR-DOMAIN-NAME> – Optional. Specify the name of the AP, wireless controller, service platform, or RF Domain.
service force-update-vm-stats {on <DEVICE-NAME>}
force-update-vm-stats Forcefully pushes VM statistics on to the NOC
on <DEVICE-NAME> Optional. Executes the command on a specified device
  • <DEVICE-NAME> – Specify the name of the device.
service guest-registration backup [delete|restore]
service guest-registration backup [delete|restore] Deletes or restores all guest registration backup snapshots based on the parameter passed
  • delete – Deletes all guest registration backup snapshots
  • restores – Restores all guest registration backup snapshots
Note: To view the status of the restore process, use the service > show > guest-registration > restore-status command.
service guest-registration delete [all|email <EMAIL-ADD>|group <RAD-GROUP-NAME>|
mac <MAC>|mobile <MOBILE-NUMBER>|name <CLIENT-FULL-NAME>|non-social|
offline-for days <1-999>|wlan <WLAN-NAME>|otp-incomplete-for days <1-999>|
social [facebook|google]]
service guest-registration delete Deletes a specified user or all user records from the guest-registration database

To delete a specific user, use one of the following options as an identification parameter: email, group, mac, mobile number, name, offline-for, wlan, otp-incomplete-for, or social.

[all|email <EMAIL-ADD>|group <RAD-GROUP-NAME>| mac <MAC>|mobile <MOBILE-NUMBER>| name <CLIENT-FULL-NAME>]|non-social| offline-for days <1-999>|wlan <WLAN-NAME>|otp-incomplete-for days <1-999>|social [facebook|google] Following are the user filtering options: The user identified by one of the following parameters is deleted from the guest-registration database.
  • email <EMAIL-ADD> – Identifies user by the e-mail address
    • <EMAIL-ADD> – Provide the user‘s e-mail address.
  • mac <MAC> – Identifies user by the MAC address
    • <MAC> – Provide the user‘s MAC address.
  • group <RAD-GROUP-NAME> – Identifies users by their RADIUS group association
    • <RAD-GROUP-NAME> – Specify the RADIUS group name.
  • mobile <MOBILE-NUMBER> – Identifies user by the registered mobile number
    • <MOBILE-NUMBER> – Provide the user‘s mobile number.
  • name <CLIENT-FULL-NAME> – Identifies user by the registered full name
    • <CLIENT-FULL-NAME> – Provide the user‘s full name.
  • non-social – Identifies users that have not registered through social authentication
  • offline-for days <1-999> – Filters users who have not accessed the network for a specified number of days
    • days <1-999> – Specify the number of days from 1 - 999.
  • wlan <WLAN-NAME> – Identifies users accessing a specified WLAN
    • <WLAN-NAME> – Specify the WLAN name.
  • otp-incomplete-for days <1-999> – Identifies records of users that have not used their OTP to complete registration within a specified number of days
    • days <1-999> – Specify the number of days from 1 - 999.
  • social [facebook|google] – Identifies users using either Facebook or Google credentials to access the network
    • facebook – Identifies users using Facebook authentication
    • google – Identifies users using Google authentication
service guest-registration export format [csv|json] <DEST-URL> {(rfdomain <DOMAIN-NAME>|
time [1-Day|1-Month|1-Week|2-Hours|30-Mins|5-Hours|all]|wlan <WLAN-NAME>)}
service guest-registration export Exports guest registration user data files in the Comma-Separated Values (CSV) or JavaScript Object Notation (JSON) format

Use the ‘rfdomain‘, ‘wlan‘, and ‘time‘ options to filter users for a specified RF Domain, WLAN, and/or time period. These are recursive parameters and you can apply all or any of these three filters.

format [csv|json] Specifies the file format. The options are:
  • csv – Exports user data files in the CSV format
  • json – Exports user data files in the JSON format
<DEST-URL> Configures the destination URL. The files are exported to the specified location. Both IPv4 and IPv6 address formats are supported.
  • IPv4 URLs:

    tftp://<hostname|IP>[:port]/path/file

    ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file

    sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file

  • IPv6 URLs:

    tftp://<hostname|[IPv6]>[:port]/path/file

    ftp://<user>:<passwd>@<hostname|[IPv6]>[:port]/path/file

    sftp://<user>:<passwd>@<hostname|[IPv6]>[:port]>/path/file

rfdomain <DOMAIN-NAME> Optional. Filters user data based on RF Domain name. Only the filtered data are exported.
  • <DOMAIN-NAME> – Specify the RF Domain name.
wlan <WLAN-NAME> Optional. Filters user data based on WLAN name. Only the filtered data are exported.
  • <WLAN-NAME> – Specify the WLAN name.
time [1-Day|1-Month| 1-Week|2-Hours| 30-Mins|5-Hours|all] Optional. Filters user data for a specified time period. Only the filtered data are exported.
  • 1-Day – Filters and exports previous day‘s data
  • 1-Month – Filters and exports previous month‘s data
  • 1-Week – Filters and exports previous week‘s data
  • 2-Hours – Filters and exports last 2 hours data
  • 30-Mins – Filters and exports last 30 minutes data
  • 5-Hours – Filters and exports last 5 hours data
  • all – Exports the entire database
service guest-registration import format json <SOURCE-URL>
service guest-registration import Imports user data from a specified location
format json Specifies the file format
  • json – Imports user data files in the JSON format
<SOURCE-URL> Configures the Source URL. The files are imported from the specified location. Both IPv4 and IPv6 address formats are supported.
  • IPv4 URLs:

    tftp://<hostname|IP>[:port]/path/file

    ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file

    sftp://<user>:<passwd>@<hostname|IP>[:port]>/path/file

  • IPv6 URLs:

    tftp://<hostname|[IPv6]>[:port]/path/file

    ftp://<user>:<passwd>@<hostname|[IPv6]>[:port]/path/file

    sftp://<user>:<passwd>@<hostname|[IPv6]>[:port]>/path/file

service load-balancing clear-client-capability [<MAC>|all] {on <DEVICE-NAME>}
load-balancing Enables wireless load balancing by clearing client capability records
clear-client-capability [<MAC>|all] Clears a specified client or all client capability records
  • <MAC> – Clears capability records of a specified client. Specify the client's MAC address in the AA-BB-CC-DD-EE-FF format.
  • all – Clears the capability records of all clients
on <DEVICE-NAME> Optional. Clears client capability records on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service load-ssh-authorized-keys <PUBLIC-KEY> {on <DEVICE-NAME>}
load-ssh-authorized-keys Loads SSH public (client) key on a device
<PUBLIC-KEY> Enter the public key. The public key should be in the OpenSSH rsa/dsa format.
on <DEVICE-NAME> Optional. Loads the specified public key on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service locator {<1-60>} {(on <DEVICE-NAME>)}
locator Enables LEDs
<1-60> Sets LED flashing time from 1 - 60 seconds.
on <DEVICE-NAME> The following keyword is recursive and common to the <1-60> parameter:
  • on <DEVICE-NAME> – Optional. Enables LEDs on a specified device
    • <DEVICE-NAME> – Specify name of the AP, wireless controller, or service platform.
service nsight clear-offline [all|offline-for days <0-999> {time <TIME>}]
nsight clear-offline [all|offline-for days <0-999> {time <TIME>}] Clears NSight data received from offline controllers, based on the parameters passed. Select one of the following options:
  • all – Clears NSight data received from all offline controllers
  • offline-for days <0-999> time <TIME> – Clears NSight data received from controllers that have been offline for a specified time period
    • days <0-999> – Specifies the number of days controllers have been offline
      • <0-999> – Specify the number of days from 0 - 999 days. Select “0” to identify controllers offline less than 24 hours.
        • time <TIME> – Optional. Specifies the total time for which controllers have been offline
          • <TIME> – Specify the time in HH:MM:SS format.

This command is supported only on the NX9500, NX9600, and VX9000 platforms.

service radio <1-3> adaptivity
radio <1-3> Configures radio parameters
  • <1-3> – Specify the radio index from 1 - 3.
adaptivity Simulates the presence of interference on the current channel
service radio <1-3> channel-switch <36-196> [160|20|40|80|80-80]
radio <1-3> Configures radio parameters
  • <1-3> – Specify the radio index from 1 - 3.
channel-switch <36-196> [160|20|40|80| 80-80] Enables channel switching
  • <36-196> – Specifies the channel to switch to from 36 - 196.
    • 160|20|40|80|80-80] – Specifies the bandwidth for the above specified channel. Select the appropriate option.
service radio <1-3> dfs simulate-radar [extension|primary]
radio <1-3> Configures radio parameters
  • <1-3> – Specify the radio index from 1 - 3.
dfs Enables Dynamic Frequency Selection (DFS )
simulate-radar [extension|primary] Simulates the presence of a radar on a channel. Select the channel type from the following options:
  • extension – Simulates a radar on the radio's current extension channel
  • primary – Simulates a radar on the radio's current primary channel
service radius test [<IP>|<HOSTNAME>] <WORD> <USERNAME> <PASSWORD> 
{wlan <WLAN-NAME> ssid <SSID>} {(on <DEVICE-NAME>)}
radius test Tests RADIUS server's account. This command sends an access-request packet to the RADIUS server. Use this command to confirm time and data/bandwidth parameters for valid wireless clients.
  • test – Tests the RADIUS server's account with user provided parameters
[<IP>|<HOSTNAME>] Sets the RADIUS server's IP address or hostname
  • <IP> – Specifies the RADIUS server's IP address
  • <HOSTNAME> – Specifies the RADIUS server's hostname
<WORD> Specify the RADIUS server's shared secret.
<USERNAME> Specify username for authentication.
<PASSWORD> Specify the password.
wlan <WLAN-NAME> ssid <SSID> Optional. Tests the RADIUS server on the local WLAN. Specify the local WLAN name.
  • ssid <SSID> – Specify the WLAN SSID.
on <DEVICE-NAME> Optional. This is a recursive parameter also applicable to the WLAN parameter. Performs tests on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service radius test [<IP>|<HOSTNAME>] <PORT> <1024-65535> <WORD> <USERNAME> 
<PASSWORD> {wlan <WLAN-NAME> ssid <SSID>} {(on <DEVICE-NAME>)}
radius test Tests a RADIUS server's account. This command sends an access-request packet to the RADIUS server. Use this command to confirm time and data/bandwidth parameters for valid wireless clients.
  • test – Tests the RADIUS server's account with user provided parameters
[<IP>|<HOSTNAME>] Sets the IP address or hostname of the RADIUS server
  • <IP> – Specify the RADIUS server's IP address.
  • <HOSTNAME> – Specify the RADIUS server's hostname.
<PORT> <1024-65535> Specify the RADIUS server port from 1024 - 65535. The default port is 1812.
<WORD> Specify the RADIUS server's shared secret.
<USERNAME> Specify username for authentication.
<PASSWORD> Specify the password.
wlan <WLAN-NAME> ssid <SSID> Optional. Tests the RADIUS server on the local WLAN. Specify the local WLAN name.
  • ssid <SSID> – Specify WLAN SSID.
on <DEVICE-NAME> Optional. This is a recursive parameter also applicable to the WLAN parameter. Performs tests on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service set validation-mode [full|partial] {on <DEVICE-NAME>}
set Sets the validation mode for running configuration validation
validation-mode [full|partial] Sets the validation mode
  • full – Performs a full configuration validation
  • partial – Performs a partial configuration validation
on <DEVICE-NAME> Optional. Performs full or partial configuration validation on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service show block-adopter-conflict-update
show Displays running system statistics based on the parameters passed
block-adopter-config-update Displays NOC configuration blocking status
service show captive-portal log-internal
show Displays running system statistics based on the parameters passed
captive-portal Displays captive portal information
log-internal Displays recent captive portal debug logs (information and above severity level)
service show captive-portal [servers|user-cache] {on <DEVICE-NAME>}
show Displays running system statistics based on the parameters passed
captive-portal Displays captive portal information
servers Displays server information for active captive portals
user-cache Displays cached user details for a captive portal
on <DEVICE-NAME> Optional. Displays server information or cached user details on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service show [cli|client-identity-defaults|configuration-revision|mac-user-import-status|
mac-vendor <OUI/MAC>|noc diag|snmp session|xpath-history]
show Displays running system statistics based on the parameters passed
cli Displays CLI tree of the current mode
client-identity-defaults Displays default client-identities and their configuration
configuration-revision Displays current configuration revision number
mac-user-import-status Displays status of file import initiated by a MAC-user
mac-vendor <OUI/MAC> Displays vendor name for a specified MAC address or Organizationally Unique Identifier (OUI) part of the MAC address
  • <OUI/MAC> – Specify the MAC address or its OUI. The first six digits of the MAC address is the OUI. Use the AABBCC or AA-BB-CC format to provide the OUI.
noc diag Displays NOC diagnostic details
snmp session Displays SNMP session details
xpath-history Displays XPath history
service show [command-history|crash-info|info|mem|process|reboot-history|
startup-log|ssh-authorized-keys|sysinfo|top|upgrade-history|watchdog] {on <DEVICE-NAME>}
show Displays running system statistics based on the parameters passed
command-history Displays command history (lists all commands executed)
crash-info Displays information about core, panic, and AP dump files
info Displays snapshot of available support information
mem Displays a system's current memory usage (displays the total memory and available memory)
process Displays active system process information (displays all processes currently running on the system)
reboot-history Displays the device's reboot history
startup-log Displays the device's startup log
sysinfo Displays system's memory usage information
top Displays system resource information
upgrade-history Displays the device's upgrade history (displays details, such as date, time, and status of the upgrade, old version, new version, etc.)
watchdog Displays the device's watchdog status
on <DEVICE-NAME> The following keywords are common to all of the above:
  • on <DEVICE-NAME> – Optional. Displays information for a specified device. If no device is specified, the system displays information for logged device(s)
    • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service show ip-access-list wlan <WLAN-NAME> status {detail} {on <DEVICE-OR-DOMAIN-NAME>}
show ip-access-list Displays status of IP ACL to WLAN mappings on a specified device or all devices within a specified RF Domain. This command also displays if IP ACLs are properly applied in the dataplane.
wlan <WLAN-NAME> Specifies the WLAN, for which the IP ACL to WLAN mapping status is required
  • <WLAN-NAME> – Specify the WLAN name.
status detail Displays only failed IP ACL to WLAN mappings
  • details – Optional. Displays all (failed as well as successful) IP ACL to WLAN mapping status
on <DEVICE-OR-DOMAIN-NAME> Optional. Specifies the device name or the RF Domain name.
  • <DEVICE-OR-DOMAIN-NAME> – Specify the device name or the RF Domain. When specified, the system displays IP ACL to WLAN mapping status on the specified device or all devices within the specified RF Domain.
service show dhcp-lease {<INTERFACE-NAME>|on|pppoe1|vlan <1-4094>|wwan1} 
{(on <DEVICE-NAME>)}
show Displays running system statistics based on the parameters passed
dhcp-lease Displays DHCP lease information received from the server
<INTERFACE> Optional. Displays DHCP lease information for a specified router interface
  • <INTERFACE> – Specify the router interface name.
on Optional. Displays DHCP lease information for a specified device
pppoe1 Optional. Displays DHCP lease information for a PPP over Ethernet interface
vlan <1-4094> Optional. Displays DHCP lease information for a VLAN interface
  • <1-4094> – Specify a VLAN index from 1 - 4094.
wwan1 Optional. Displays DHCP lease information for a Wireless WAN interface
on <DEVICE-NAME> The following keywords are common to all of the above:
  • on <DEVICE-NAME> – Optional. Displays DHCP lease information for a specified device. If no device is specified, the system displays information for the logged device.
    • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service show diag [fds|pkts]
show diag [fds|pkts] Displays diagnostic statistics, such as LED status, fan speed, sensor temperature, open file descriptors, looped packets, etc.
fds Displays the number of file descriptors (fds) opened by key processes, such as the CFGD. When executed, the command displays only the file name and FD.
pkts Displays details of looped packets captured by the dataplane and pushed to a separate queue. These queued packets are written to a log file (named loop_pkt_info.log) available at the /var2/log/ directory. Use the service > start-shell command and enter the path ‘cat /var2/log/‘ to view if the loop_pkt_info.log file exists. However, looped packet logging has to be enabled in the profile/device context. For more information, see diag (profile config mode).

The dataplane can log up to 16 looped packets at a time. Once the queue is full, no new loop packet is logged until the existing queue is cleared. To clear the logged looped packet queue execute the service > clear > diag > pkts command.

Following are the loop codes and the corresponding loop reasons:
  • (5) - "pkt looping in dataplane"
  • (51) - "loop in packet path"
  • (367) - "wispe encapsulation loop"
  • (432) - "mcx loop prevention"
  • (532) - "Port loop detected"
  • (536) - "packet loop detected by wireless bridge"
  • (41) - "IPv4 TTL exceeded"
  • (493) - "IPv6 TTL exceeded"
  • (540) - "mint TTL exceeded"
service show diag [led-status|psu|stats] {(on <DEVICE-NAME>)}
show Displays running system statistics based on the parameters passed
diag Displays diagnostic statistics, such as LED status, fan speed, and sensor temperature
led-status Displays LED state variables and the current state
psu Displays power supply information
stats Displays fan speed and sensor temperature statistics
on <DEVICE-NAME> Optional. Displays diagnostic statistics for a specified device. If no device is specified, the system displays information for the logged device.
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service show guest-registration [export-status|import-status|restore-status]
show Displays running system statistics based on the parameters passed
guest-registration Displays status of the guest-registration database snapshot related processes (export, import, and restore)
Note: To export, import, or restore a guest-registration database, use the service > guest-registration > [backup|export|import] command.]
export-status Displays the status of the latest export process initiated
import-status Displays the status of the latest import process initiated
export-status Displays the status of the latest restore process initiated
service show fast-switching {on <DEVICE-NAME>}
show Displays running system statistics based on the parameters passed
fast-switching Displays fast switching state (enabled or disabled)
on <DEVICE-NAME> Optional. Displays fast switching state for a specified device. If no device is specified, the system displays information for the logged device.
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.

service show [fib|fib6] {table-id <0-255>}
show Displays running system statistics based on the parameters passed
fib Displays entries in the Forwarding Information Base (FIB)
fib6 Displays FIB IPv6 static routing entries

The WiNG software allows the IPv6 FIB to maintain only IPv6 static and interface routes.

FIB is a collection of routing entries. A route entry consists of IPv6 network (which can also be a host) address, the prefix length for the network (for IPv6 routes this is between 0 - 128), and the next hop‘s (gateway) IPv6 address. Since a destination can be reached through multiple next hops, you can configure multiple routes to the same destination with multiple next hops.

table-id <0-255> Optional. Displays FIB information maintained by the system based on the table ID
  • <0-255> – Specify the table ID from 0 - 255.
service show mint [adopted-devices {on <DEVICE-NAME>}|ports]
show Displays running system statistics based on the parameters passed
mint Displays MiNT protocol details
adopted-devices on <DEVICE-NAME> Displays adopted devices status in dpd2
  • on <DEVICE-NAME> – Optional. Displays MiNT protocol details for a specified device. If no device is specified, the system displays information for the logged device.
    • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.

ports Displays MiNT ports used by various services and features
service show pm {history} {(on <DEVICE-NAME>)}
show Displays running system statistics based on the parameters passed
pm Displays the Process Monitor (PM) controlled process details
history Optional. Displays process change history (the time at which the change was implemented, and the events that triggered the change)
on <DEVICE-NAME> Optional. Displays process change history for a specified device. If no device is specified, the system displays information for the logged device.
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service show rf-domain-manager [diag|info] {<MAC/HOSTNAME>} {(on <DEVICE-OR-DOMAIN-NAME>)}
show Displays running system statistics based on the parameters passed
rf-domain-manager Displays RF Domain manager information
diag Displays RF Domain manager related diagnostics statistics
info Displays RF Domain manager related information
<MAC/HOSTNAME> The following keyword is common to the ‘diag‘ and ‘info‘ parameters:

Optional. Specify the MAC address or hostname of the RF Domain manager.

on <DEVICE-OR-DOMAIN-NAME> The following keyword is common to the ‘diag‘ and ‘info‘ parameters:

Optional. Displays diagnostics statistics on a specified device or domain

  • <DEVICE-OR-DOMAIN-NAME> – Specify the name of the AP, wireless controller, service platform, or RF Domain.
service show sites
show Displays running system statistics based on the parameters passed
sites Displays NOC sites related information
service show virtual-machine-history {(on <DEVICE-NAME>)}
show virtual-machine-history Displays virtual machine history based on the parameters passed

This command is applicable only to the NX9500 and NX9600 series service platforms. It is also available on the Privilege Executable Mode of these devices.

on <DEVICE-NAME> Optional. Displays virtual machine history on a specified device. If no device is specified, the system displays information for the logged device.
  • <DEVICE-NAME> – Specify the name of the service platform.
service show wireless [aaa-stats|adaptivity-status|credential-cache|dns-cache|
radar-status|vlan-usage] {on <DEVICE-NAME>}
show Displays running system statistics based on the parameters passed
wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN assignment, etc.)
aaa-stats Displays AAA policy statistics
adaptivity-status Displays the current list of channels (with interference levels exceeding the configured threshold resulting in adaptivity kicking in) and time when adaptivity kicked in on a device
credential-cache Displays clients cached credentials statistics (VLAN, keys, etc.)
dns-cache Displays cache of resolved names of servers related to wireless networking
radar-status Displays radar discovery status. This option displays following information:
  • If a radar has been discovered by the AP
  • The time of discovery
vlan-usage Displays VLAN statistics across WLANs
on <DEVICE-NAME> The following keywords are common to all of the above:
  • on <DEVICE-NAME> – Optional. Displays running system statistics on a specified device. If no device is specified, the system displays information for the logged device.
    • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service show wireless [config-internal|log-internal|neighbors]
show Displays running system statistics based on the parameters passed
wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN usage, etc.)
config-internal Displays internal configuration parameters
log-internal Displays recent internal wireless debug logs (info and above severity)
neighbors Displays neighboring device statistics for roaming and flow migration
service show wireless [client|meshpoint neighbor] proc [info|stats] {<MAC>} 
{(on <DEVICE-OR-DOMAIN-NAME)}
show Displays running system statistics based on the parameters passed
wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN usage, etc.)
client Displays WLAN client statistics
meshpoint neighbor Displays meshpoint related proc entries
proc The following keyword is common to client and meshpoint neighbor parameters:
  • proc – Displays dataplane proc entries based on the parameter selected
Note: These proc entries provide statistics on each wireless client on the WLAN.
Note: For the meshpoint parameter, it displays proc entries about neighbors.
info This parameter is common to client and meshpoint neighbor parameters. Displays information for a specified device (wireless client or neighbor) or RF Domain.
stats This parameter is common to client and meshpoint neighbor parameters. Displays information for a specified device (wireless client or neighbor) or RF Domain.
<MAC> Displays information for a specified device (wireless client or neighbor) or RF Domain.
on <DEVICE-OR-DOMAIN-NAME> This parameter is common to client and meshpoint neighbor parameters. Displays information for a specified device (wireless client or neighbor) or RF Domain.
  • <DEVICE-OR-DOMAIN-NAME> – Specify the name of the AP, wireless controller, service platform, or RF Domain.
service show wireless radio-internal [radio1|radio2] <LINE>
show Displays running system statistics based on the parameters passed
wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN usage, etc.)
radio-internal [radio1|radio2] Displays radio internal debug logs. Select the radio from the following options:
  • radio1 – Selects radio 1
  • radio2 – Selects radio 2.
<LINE> Specify the radio internal debug command to enable.
service show wireless reference [channels|frame|handshake|mcs-rates|reason-codes|
status-codes]
show Displays running system statistics based on the parameters passed
wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN usage, etc.)
reference Displays look up reference information related to standards, protocols, etc.
channels Displays 802.11 channels information
frame Displays 802.11 frame structure
handshake Displays a flow diagram of 802.11 handshakes
mcs-rates Displays MCS rate information
reason-codes Displays 802.11 reason codes (for deauthentication, disassociation, etc.)
status-codes Displays 802.11 status codes (for association response)
service show wireless stats-client diag {<MAC/HOSTNAME>} 
{(on <DEVICE-OR-DOMAIN-NAME)}
show Displays running system statistics based on the parameters passed
wireless Displays WLAN statistics (WLAN AAA policy, configuration parameters, VLAN usage etc.)
stats-client Displays managed AP statistics
<MAC/HOSTNAME> Optional. Specify the MAC address or hostname of the AP.
on <DEVICE-OR-DOMAIN-NAME> Optional. Displays statistics on a specified AP, or all APs on a specified domain.
  • <DEVICE-OR-DOMAIN-NAME> – Specify the name of the AP, wireless controller, service platform, or RF Domain.
service smart-rf clear-config {<MAC>|<DEVICE-NAME>|on <DOMAIN-NAME>}
smart-rf Enables Smart RF management
clear-config Clears WLAN Smart RF configuration on a specified device or on all devices
<MAC> Optional. Clears WLAN Smart RF configuration on a device identified by its MAC address. Specify the device's MAC address in the AA-BB-CC-DD-EE-FF format.
<DEVICE-NAME> Optional. Clears WLAN Smart RF configuration on a device identified by its hostname. Specify the device's hostname.
on <DOMAIN-NAME> Optional. Clears WLAN Smart RF configuration on all devices in a specified RF Domain
  • <DOMAIN-NAME> – Specify the RF Domain name.
service smart-rf [clear-history|clear-interfering-aps|save-config] {on <DOMAIN-NAME>}
smart-rf Enables Smart RF management
clear-history Clears WLAN Smart RF history on all devices
clear-interfering-aps Clears Smart-RF interfering APs
save-config Saves the Smart RF configuration on all devices, and also saves the history on the RF Domain Manager
on <DOMAIN-NAME> Optional. Clears WLAN Smart RF configuration on all devices in a specified RF Domain
  • <DOMAIN-NAME> – Specify the RF Domain name.
service ssm dump-core-snapshot
service ssm dump-core-snapshot Triggers a debug core dump of the SSM module
service syslog test {level [<0-7>|alerts|critical|debugging|emergencies|errors|informational|notifications|warnings]} {(on <DEVICE-NAME>)}
syslog test Sends a test message to the syslog server to confirm server availability
Optional. Sets the logging level. In case syslog server is unreachable, an event is logged based on the logging level defined. This is an optional parameter, and the system configures default settings, if no logging severity level is specified.
  • <0-7> – Optional. Specify the logging severity level from 0-7. The various levels and their implications are as follows:
    • alerts – Optional. Immediate action needed (severity=1)
    • critical – Optional. Critical conditions (severity=2)
    • debugging – Optional. Debugging messages (severity=7)
    • emergencies – Optional. System is unusable (severity=0)
    • errors – Optional. Error conditions (severity=3)
    • informational – Optional. Informational messages (severity=6)
    • notifications – Optional. Normal but significant conditions (severity=5)
    • warnings – Optional. Warning conditions (severity=4). This is the default setting.
on <DEVICE-NAME> Optional. Executes the command on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service ssm trace pattern <WORD> {on <DOMAIN-NAME>}
ssm trace Displays the SSM module trace based on parameters passed
pattern <WORD> Configures the pattern to match
  • <WORD> – Specify the pattern to match.
on <DEVICE-NAME> Optional. Displays the SSM module trace on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service wireless add-neighbor <1-2> mac <MAC-ADDRESS> preference <0-255>
wireless add-neighbor <1-2> Includes non-WiNG APs in the neighbor report response sent by AP to the client stations. Use this command to specify the non-WiNG AP MAC addresses.
mac <MAC-ADDRESS> Enter the non-WiNG AP's MAC address.
preference <0-255> Set a preference for the AP from 0-255
service wireless client beacon-request <MAC> mode [active|passive|table] 
channel [<CHANNEL-NUMBER>|any] duration <1-255> ssid [<SSID>|any] channel-report [<CHANNEL-LIST>|none] 
bssid [<MAC>|any] randomization-interval <0-1000> {on <DEVICE-NAME>}
wireless client beacon-requests Sends beacon measurement requests to a wireless client
<MAC> Specify the wireless client's MAC address.
mode [active|passive|table] Specifies the beacon measurement mode. The following modes are available:
  • Active – Requests beacon measurements in the active mode
  • Passive – Requests beacon measurements in the passive mode
  • Table – Requests beacon measurements in the table mode
ssid [<SSID>|any] Specifies if the measurements have to be made for a specified SSID or for any SSID
  • <SSID> – Requests beacon measurement for a specified SSID
  • any – Requests beacon measurement for any SSID
channel-report [<CHANNEL-LIST>| none] Configures channel report in the request. The request can include a list of channels or can apply to all channels.
  • <CHANNEL-LIST> – Request includes a list of channels. The client has to send beacon measurements only for those channels included in the request.
  • none – Request applies to all channels
on <DEVICE-NAME> Optional. Sends requests on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service wireless client quiet-element [start|stop]
wireless client quiet-element Enables the quite-element information in beacons sent to wireless clients
start Enables the quite-element information in beacons sent to wireless clients. This is the start of the time period when wireless clients are to remain quiet.
stop Disables the quite-element information in beacons sent to wireless clients. Once disabled, this information is no longer included in beacons.
service wireless client trigger-bss-transition mac <MAC> {timeout <0-65535} 
{url <URL>} {on <DEVICE-OR-DOMAIN-NAME>}
wireless client trigger-bss-transition Sends a 80211v-Wireless Network Management BSS transition request to a client
<MAC> Specifies the wireless client's MAC address
timeout <0-65535> Specifies the time remaining, for this client. before BSS transition is initiated. In other words on completion of the specified time period, BSS transition is triggered.
  • <0-65535> – Specify a time from 0 -65535 seconds.
url <URL> Specifies session termination URL
on <DEVICE-OR-DOMAIN-NAME> Optional. Sends request on a specified device
  • <DEVICE-OR_DOMAIN-NAME> – Specify the name of the AP, wireless controller, service platform, or RF Domain.
service wireless client trigger-wnm mac <MAC> type [deauth-imminent|subscription-remediation] 
{uri <WORD>}
wireless client trigger-wnm Sends a WNM notification (action frame) to a wireless client
mac <MAC> Specifies the wireless client‘s MAC address
type [deauth-imminent| subscription-remediation] Configures the WNM notification type
  • deauth-imminent – Sends a de-authentication imminent frame
  • subscription-remediation – Sends a subscription remediation needed frame
uri <WORD> Optional. Specifies the unique resource identifier (URI)
service wireless dump-core-snapshot
wireless dump-core-snapshot Triggers a debug core dump of the wireless module
service wireless meshpoint zl <MESHPOINT-NAME> [on <DEVICE-NAME>] {<ARGS>|
timeout <1-65535>}
service wireless meshpoint zl Triggers a zonal level debug of a specified meshpoint‘s modules
<MESHPOINT-NAME> Specify the meshpoint name
on <DEVICE-NAME> Triggers zonal level debug of a specified meshpoint‘s modules on a specified device
  • <DEVICE-NAME> – Specify the name of the device (AP, wireless controller, or service platform)
<ARGS> Optional. Specifies the zonal arguments. These zonal arguments represent the meshpoint modules identified by the zonal and subzonal arguments passed here. Also specify the debug level from 0 -7. Please see the Examples section, at the end of this topic, for more information.
timeout <1-65535> Optional. Specifies a timeout value from 1 - 65535 seconds. When specified, meshpoint logs are debugged for the time specified here.
service wireless qos delete-tspec <MAC> tid <0-7>
wireless qos delete-tspec Sends a delete TSPEC request to a wireless client
<MAC> Specify the MAC address of the wireless client.
tid <0-7> Deletes the Traffic Identifier (TID)
  • <0-7> – Select the TID from 0 - 7.
service wireless trace pattern <WORD> {on <DEVICE-NAME>}
wireless trace Displays the wireless module trace based on parameters passed
pattern <WORD> Configures the pattern to match
  • <WORD> – Specify the pattern to match.
on <DEVICE-NAME> Optional. Displays the wireless module trace on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service wireless unsanctioned ap air-terminate <MAC> {on <DOMAIN-NAME>}
wireless unsanctioned ap air-terminate Enables unsanctioned access points termination
<MAC> Configures the unsanctioned access points‘ BSSID (MAC address)
on <DOMAIN-NAME> Optional. Specifies the RD Domain of the access point
  • <DOMAIN-NAME> – Specify the name of the RF Domain.
service wireless wips clear-client-blacklist [all|mac <MAC>]
wireless wips Enables management of WIPS parameters
clear-client-blacklist [all|mac <MAC>] Removes a specified client or all clients from the blacklist
  • all – Removes all clients from the blacklist
  • mac <MAC> – Removes a specified client form the blacklist
    • <MAC> – Specify the wireless client's MAC address.
service wireless wips clear-event-history {on <DEVICE-OR-DOMAIN-NAME}
wireless wips Enables management of WIPS parameters
clear-event-history Clears event history
on <DEVICE-OR-DOMAIN- NAME> Optional. Clears event history on a device or RF Domain
  • <DEVICE-OR-DOMAIN-NAME> – Specify the name of the AP, wireless controller, service platform, or RF Domain.

Syntax (Privilege Exec Mode)

Service Commands - Intro

Note

Note

The "service" command of the Priv Exec Mode is the same as the service command in the User Exec Mode. There a few modifications that have been documented in this section. For the syntax and parameters of the other commands refer to the Syntax (User Exec Mode) and Parameters (User Exec Mode) sections of this chapter.
service [block-adopter-config-updates|clear|cli-tables-skin|cluster|copy|
database|delete|delete-offline-aps|force-send-config|force-update-vm-stats|
guest-registration|load-balancing|locator|mint|pktcap|pm|radio|radius|
request-full-config-from-adopter|restore|set|show|signal|smart-rf|snmp|ssm|
start-shell|syslog|trace|wireless]
service clear crash-info {on <DEVICE-NAME>}
service copy [stats-report|tech-support]
service copy stats-report [global|rf-domain <DOMAIN-NAME>] (<FILE>|<URL>)
service copy tech-support [<FILE>|<URL>]
service database [authentication|compact|drop|maintenance-mode|primary-stepdown|
remove-all-files|replica-set|server|start-shell]
service database authentication [create-user|delete-user]
service database authentication create-user username <USER-NAME> password <PASSWORD>
service database authentication delete-user username <USER-NAME>
service database compact [all|captive-portal|nsight]
service database [maintenance-mode|primary-stepdown|remove-all-files|start-shell]
service database replica-set [add|delete|force-configured-state]
service database replica-set add member [<IP>|<FQDN>] [arbiter|priority <0-255>]
service database replica-set delete member [<IP>|<FQDN>]
service database replica-set force-configured-state
service database server [restart|start|stop]
service delete sessions <SESSION-COOKIES>
service mint [clear|debug-log|expire|flood]
service mint [clear [lsp-db|mlcp]|debug-log [flash-and-syslog|flash-only]|
expire [lsp|spf]|flood [csnp|lsp]]
service pktcap on [bridge|deny|drop|ext-vlan|interface|radio|rim|router|vpn|wireless]
service pktcap on [bridge|deny|drop|ext-vlan|rim|router|vpn|wireless] 
{(acl-name <ACL>,count <1-1000000>,direction [any|inbound|outbound],filter <LINE>,
hex,rate <1-100>,snap <1-2048>,tcpdump,verbose,write [file|url|tzsp [<IP/TZSP-HOSTNAME>])}
service pktcap on interface [<INTERFACE-NAME>|ge <1-4>|me1|port-channel <1-2>|pppoe1|
vlan <1-4094>|wwan1] {(acl-name <ACL>,count <1-1000000>,direction [any|inbound|outbound],
filter <LINE>,hex,rate <1-100>,snap <1-2048>,tcpdump,verbose,
write [file|url|tzsp [<IP/TZSP-HOSTNAME>])}
service pktcap on radio [<1-1024>|all] {(acl-name <ACL>,count <1-1000000>,
direction [any|inbound|outbound],filter <LINE>,hex,promiscuous,rate <1-100>,
snap <1-2048>,tcpdump,verbose,write [file|url|tzsp [<IP/TZSP-HOSTNAME>])}
service pm stop {on <DEVICE-NAME>}
service restore analytics-support [<FILE>|<URL>]
service send discovery {mac <MAC>} {interface <INTERFACE>
service show discovered-devices {on <DEVICE-NAME>}
service reset discovered-device <MAC> serial-number <NUMBER> {interface <INTERFACE>}
service show discovered-devices {reset-log {mac <MAC>}} {on <DEVICE-NAME>}
service show last-passwd
service signal [abort <PROCESS-NAME>|kill <PROCESS-NAME>]
service start-shell
service trace <PROCESS-NAME> {summary}

Parameters (Privilege Exec Mode)

Service Commands - Intro

service copy tech-support <FILE> <URL>
copy tech-support Copies extensive system information used for troubleshooting
<FILE> Specify the location of the file to be copied, using the following format:
  • usbX:/path/file
<URL> Specify the location URL of the file to be copied. Both IPv4 andIPv6 address formats are supported.
  • tftp://<hostname|IPv4/IPv6>[:port]/path/file
  • ftp://<user>:<passwd>@<hostname|IPv4/IPv6>[:port]/path/file
  • sftp://<user>:<passwd>@<hostname|IPv4/IPv6>[:port]>/path/file
service copy stats-report [global|rf-domain <DOMAIN-NAME>] (<FILE>|<URL>)
copy stats-report Copies extensive statistical data useful for troubleshooting
[global|rf-domain <DOMAIN-NAME>] Identifies the RF Domain to copy statistical data
  • global – Copies extensive statistical data of all configured RF Domains
  • rf-domain <DOMAIN-NAME> – Copies extensive statistical data of a specified RF Domain. Specify the domain name.
<FILE> Specify the location to copy file using the following format:
  • usbX:/path/file
<URL> Specify the location URL of the file to be copied. Both IPv4 andIPv6 address formats are supported.
  • tftp://<hostname|IPv4/IPv6>[:port]/path/file
  • ftp://<user>:<passwd>@<hostname|IPv4/IPv6>[:port]/path/file
  • sftp://<user>:<passwd>@<hostname|IPv4/IPv6>[:port]>/path/file
service clear crash-info {on <DEVICE-NAME>}
clear crash-info Clears all crash files
on <DEVICE-NAME> Optional. Clears crash files on a specified device. These crash files are core, panic, and AP dump
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service database authentication create-user username <USER-NAME> password <PASSWORD>
database Performs database related actions
Note: This command is supported only on the NX9500, NX9600, and VX9000 platforms.
authentication create-user username <USER-NAME> password <PASSWORD> Creates users having access rights to the database. Execute this command on the database host. However, before creating users, on the database, generate the database keyfile. For more information on generating the keyfile, see database (user exec mode).
  • username <USER-NAME> – Configures database username
    • password <PASSWORD> – Configures a password for the username specified above

In the database-policy ensure that authentication is enabled and username and password is configured. The database-client-policy also should have the same username and password configured. For more information on database-policy and database-client-policy, see database-policy global config and database-client-policy global-config.

service database authentication delete-user username <USER-NAME>
database Performs database related actions
Note: This command is supported only on the NX9500, NX9600, and VX9000 platforms.
database authentication delete-user username <USER-NAME> Deletes the username requires to access rights the captive-portal/NSight database
  • username <USER-NAME> – Deletes the username identified by the <USER-NAME> keyword

Once deleted, the database cannot be accessed using the specified combination of username and password.

service database compact [all|captive-portal|nsight]
database Performs database related actions
Note: This command is supported only on the NX9500, NX9600, and VX9000 platforms.
compact [all| captive-portal|nsight] Compacts collections within the database. Each database (captive-portal and NSight) contains one or more collection, where each collection is a set of records. Use this command to make a single compact set of all collections within a database.
  • all – Compacts collections within all databases (captive-portal and NSight) being maintained
  • captive-portal – Compacts all collections within the captive portal database only
  • nsight – Compacts all collections within the NSight database only
service database [maintenance-mode|primary-stepdown|remove-all-files|start-shell]
database Performs database related actions
Note: This command is supported only on the NX9500, NX9600, and VX9000 platforms.
maintenance-mode Places the database server in the maintenance mode
primary-stepdown Requests the primary replica-set to step down. For more information on replica-sets and its creation, see database-policy (global config mode).
remove-all-files Removes all database-server related files (captive-portal and NSight). Use in a scenario where complete removal of all database related files is necessary, such as when downgrading to 5.8.1 or 5.8.0 version. Extreme caution is recommended when using this command.
start-shell Starts the database shell
service database replica-set add member [<IP>|<FQDN>] [arbiter|priority <0-255>]
database Performs database related actions
Note: This command is supported only on the NX9500, NX9600, and VX9000 platforms.
replica-set Adds members to the database replica set. A replica set is a group of devices running the database instances that maintain the same data set. Replica sets provide redundancy and high availability, and are the basis for all production deployments. The replica set can contain a maximum of fifty (50) members, with each member (with the exception of the arbiter) hosting an instance of the database. For more information on creating replica sets, see database-policy (global config mode) .
add member [<IP>|<FQDN>] Adds members to the database replica set
  • <IP> – Identifies the member by its IP address. Specify the member‘s IP address.
  • <FQDN> – Identifies the member by its FQDN. Specify the member‘s FQDN address.
Note: Ensure that the identified members have the database instance running prior to being added to the replica set.
[arbiter| priority <0-255>] After identifying the new member, optionally specify if the member is the arbiter or not. If not the arbiter, specify the member‘s priority value.
  • arbiter – Identifies the new member as the arbiter. The arbiter does not maintain a data set and is added to the replica set to facilitate the election of the fall-back primary member. It provides that one extra vote required in the election of the primary member.
  • priority <0-255> – Identifies the new member as not being the arbiter and configures its priority value.
    • <0-255> – Specify the priority value from 0 - 255. Not applicable for the arbiter.

The priority value determines the member‘s position within the replica set as primary or secondary. It also helps in electing the fall-back primary member in the eventuality of the current primary member being unreachable.

All identified members should have the database instances running prior to being added to the replica set.

service database replica-set delete member [<IP>|<FQDN>]
database Performs database related actions
Note: This command is supported only on the NX9500, NX9600, and VX9000 platforms.
replica-set Allows deletion of members in a database replica set. For each database a single three-member replica-set can be created and maintained. For more information on creating replica sets, see database-policy (global config mode) .
delete member [<IP>|<FQDN>] Deletes members from an existing database replica set
  • <IP> – Identifies the member by its IP address. Specify the member‘s IP address.
  • <FQDN> – Identifies the member by its FQDN. Specify the member‘s FQDN address.
service database replica-set force-configured-start
database Performs database related actions
Note: This command is supported only on the NX9500, NX9600, and VX9000 platforms.
replica-set Allows deletion of members in a database replica set. For each database a single three-member replica-set can be created and maintained. For more information on creating replica sets, see database-policy (global config mode) .
force-configured-start Forces the replica-set to move to the configured state
service database server [restart|start|stop]
database Performs database related actions
Note: This command is supported only on the NX9500, NX9600, and VX9000 platforms.
server [restart|start|stop] Performs the following actions on the database server:
  • restart – Restarts the server
  • start – Starts the server
  • stop – Stops the server
service delete sessions <SESSION-COOKIES>
delete sessions <SESSION-COOKIES> Deletes session cookies
  • <SESSION-COOKIES> – Provide a list of cookies to delete.
service mint [clear [lsp-db|mlcp]|debug-log [flash-and-syslog|flash-only]|
expire [lsp|spf]|flood [csnp|lsp]]
mint Enables MiNT protocol management (clears LSP database, enables debug logging, enables running silence etc.)
clear [lsp-db|mlcp] Clears LSP database and MiNT Link Control Protocol (MLCP) links
  • lsp-db – Clears MiNT Label Switched Path (LSP) database
  • mlcp – Clears MLCP links
debug-log [flash-and-syslog| flash-only] Enables debug message logging
  • flash-and-syslog – Logs debug messages to the flash and syslog files
  • flash-only – Logs debug messages to the flash file only
expire [lsp|spf] Forces expiration of LSP and recalculation of Shortest Path First (SPF)
  • lsp – Forces expiration of LSP
  • spf – Forces recalculation of SPF
flood [csnp|lsp] Floods control packets
  • csnp – Floods our Complete Sequence Number Packets (CSNP)
  • lsp – Floods our LSP
service pm stop {on <DEVICE-NAME>}
pm Stops the PM
stops Stops the PM from monitoring all daemons
on <DEVICE-NAME> Optional. Stops the PM on a specified device
  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.
service pktcap on [bridge|deny|drop|ext-vlan|rim|router|vpn|wireless] 
{(acl-name <ACL>,count <1-1000000>,direction [any|inbound|outbound],filter,hex,rate <1-100>,
snap <1-2048>,tcpdump,verbose,write [file|url|tzsp <IP/TZSP-HOSTNAME>])}
pktcap on Captures data packets crossing at a specified location
  • on – Defines the packet capture location
bridge Captures packets transiting through the Ethernet bridge
deny Captures packets denied by an ACL
drop Captures packets at the drop locations
ext-vlan Captures packets forwarded to or from an extended VLAN
rim Captures packets at the Radio Interface Module (RIM)
router Captures packets transiting through an IP router
vpn Captures packets forwarded to or from a VPN link
wireless Captures packets forwarded to or from a wireless device
acl-name <ACL> Optional. Specify the ACL that matches the ACL name for the 'deny' location
count <1-1000000> Optional. Limits the captured packet count. Specify a value from 1 -1000000.
direction [any|inbound|outbound] Optional. Changes the packet direction with respect to a device. The direction can be set as any, inbound, or outbound.
filter [<LINE>|arp|capwap| cdp|dot11|dropreason| dst|ether|host|icmp| igmp|ip|ipv6|l2|l3|l4| lldp|mint|net|not|port| priority|radio|src|tcp|udp| vlan|wlan]  Optional. Filters packets based on the option selected (must be used as a last option). The filter options are:
  • <LINE> – Defines user defined packet capture filter
  • arp – Matches ARP packets
  • capwap – Matches CAPWAP packets
  • cdp – Matches CDP packets
  • dot11 – Matches 802.11 packets
  • dropreason – Matches packet drop reason
  • dst – Matches IP destination
  • ether – Matches Ethernet packets
  • failed – Matches failed 802.11 transmitted frames
  • host – Matches host destination
  • icmp – Matches ICMP packets
  • icmp6 – Matches ICMPv6 frames
  • ip – Matches IPV4 packets
  • ipv6 – Matches IPV6 packets
  • l2 – Matches L2 header
  • l3 – Matches L3 header
  • l4 – Matches L4 header
  • mint – Matches MiNT packets
  • lldp – Matches LLDP packets
  • net – Matches IP in subnet
  • not – Filters out any packet that matches the filter criteria (For example, if not TCP is used, all tcp packets are filtered out)
  • port – Matches TCP or UDP port
  • priority – Matches packet priority
  • radio – Matches radio
  • rssi – Matches Received Signal Strength Indication (RSSI) of received radio signals
  • src – Matches IP source
  • stp – Matches STP packets
  • tcp – Matches TCP packets
  • tcp6 – Matches TCP over IPv6 packets
  • udp – Matches UDP packets
  • udp6 – Matches UDP over IPv6 packets
  • vlan – Matches VLAN
  • wlan – Matches WLAN
hex Optional. Provides binary output of the captured packets
rate <1-100> Optional. Specifies the packet capture rate
  • <1-100> – Specify a value from 1 - 100 seconds.
snap <1-2048> Optional. Captures the data length
  • <1-2048> – Specify a value from 1 - 2048 characters.
tcpdump Optional. Decodes tcpdump. The tcpdump analyzes network behavior, performance, and infrastructure. It also analyzes applications that generate or receive traffic.
verbose Optional. Displays full packet body
write Captures packets to a specified file. Provide the file name and location in the following format:
FILE – flash:/path/file
  • flash:/path/file
  • usbX:/path/file
URL – Specify the location URL to capture file. Both IPv4 and IPv6 address formats are supported.
  • nvram:startup-config
  • tftp://<hostname|IP>[:port]/path/file
  • ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file
  • sftp://<user>@<hostname|IP>[:port]>/path/file
  • tzsp – Tazman Sniffer Protocol (TZSP) host. Specify the TZSP host‘s IP address or hostname.
service pktcap on radio [<1-1024>|all] {(acl-name <ACL>,count <1-1000000>,
direction [any|inbound|outbound],filter <LINE>,hex,promiscuous,rate <1-100>,
snap <1-2048>,tcpdump,verbose,write [file|url|tzsp <IP/TZSP-HOSTNAME>])}
pktcap on radio Captures data packets on a radio (802.11)
<1-1024> Captures data packets on a specified radio
  • <1-1024> – specify the radio index from 1 - 1024.
all Captures data packets on all radios
acl-name <ACL> Optional. Specify the ACL that matches the ACL name for the 'deny' location
count <1-1000000> Optional. Sets a specified number of packets to capture
  • <1-1000000> – Specify a value from 1 - 1000000.
direction [any|inbound|outbound] Optional. Changes the packet direction with respect to a device. The direction can be set as any, inbound, or outbound.
filter <LINE> Optional. Filters packets based on the option selected (must be used as a last option)
  • <LINE> – Define a packet capture filter or select any one of the available options.
hex Optional. Provides binary output of the captured packets
rate <1-100> Optional. Specifies the packet capture rate
  • <1-100> – Specify a value from 1 - 100 seconds.
snap <1-2048> Optional. Captures the data length
  • <1-2048> – Specify a value from 1 - 2048 characters.
tcpdump Optional. Decodes the TCP dump
verbose Optional. Displays full packet body
write Captures packets to a specified file. Provide the file name and location in the following format:
  • flash:/path/file
  • usbX:/path/file
URL – Specify the location URL to capture file. Both IPv4 and IPv6 address formats are supported.
  • nvram:startup-config
  • tftp://<hostname|IP>[:port]/path/file
  • ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file
  • sftp://<user>@<hostname|IP>[:port]>/path/file
  • tzsp – TZSP host. Specify the TZSP host‘s IP address or hostname.
service pktcap on interface [<INTERFACE>|ge <1-4>|me|port-channel <1-2>|vlan 
<1-4094>] {(acl-name <ACL>,count <1-1000000>,direction [any|inbound|outbound],
filter <LINE>,hex,rate <1-100>,snap <1-2048>,tcpdump,verbose,
write [file|url|tzsp <IP/TZSP-HOSTNAME>])}
pktcap on Captures data packets at a specified interface
  • on – Specify the capture location.
interface [<INTERFACE>| ge <1-4>|me1| port-channel <1-2>| vlan <1-4094>] Captures packets at a specified interface. The options are:
  • <INTERFACE> – Specify the interface name.
  • ge <1-4> – Selects a GigabitEthernet interface index from 1 - 4
  • me1 – Selects the FastEthernet interface
  • port-channel <1-2> – Selects a port-channel interface index from 1- 2
  • vlan <1-4094> – Selects a VLAN ID from 1 - 4094
acl-name <ACL> Optional. Specify the ACL that matches the ACL name for the 'deny' location
count <1-1000000> Optional. Sets a specified number of packets to capture
  • <1-1000000> – Specify a value from 1 - 1000000.
direction [any|inbound|outbound] Optional. Changes the packet direction with respect to a device. The direction can be set as any, inbound, or outbound.
filter <LINE> Optional. Filters packets based on the option selected (must be used as a last option)
  • <LINE> – Define a packet capture filter or select any one of the available options.
hex Optional. Provides binary output of the captured packets
rate <1-100> Optional. Specifies the packet capture rate
  • <1-100> – Specify a value from 1 - 100 seconds.
snap <1-2048> Optional. Captures the data length
  • <1-2048> – Specify a value from 1 - 2048 characters.
tcpdump Optional. Decodes the TCP dump
verbose Optional. Displays full packet body
write Captures packets to a specified file. Provide the file name and location in the following format:
  • flash:/path/file
  • usbX:/path/file
URL – Specify the location URL to capture file. Both IPv4 and IPv6 address formats are supported.
  • nvram:startup-config
  • tftp://<hostname|IP>[:port]/path/file
  • ftp://<user>:<passwd>@<hostname|IP>[:port]/path/file
  • sftp://<user>@<hostname|IP>[:port]>/path/file
  • tzsp – TZSP host. Specify the TZSP host‘s IP address or hostname.
service send discovery {mac <MAC>} {interface <INTERFACE>}
send discovery Broadcasts WNMP Ethernet discovery request frames to discover Layer 2 devices that have lost MiNT connectivity and are without an IP address.
Note: The command can be issued only by a network-admin, system-admin, or device-provisioning-admin.
WiNG controllers and service platforms can broadcast WNMP discovery request frames. Layer 2 WiNG devices respond to the WNMP broadcast.
Note: Only devices with radios will respond to the broadcast. Controllers will not respond to WNMP discovery frames.
The responses are processed and the discovered devices are saved to a log. By default, these device entries are retained in the log for 10 minutes and can be viewed by issuing the following command:
#service show discovered-devices
Note: For command description, see the following table.
Post discovery, you can reset a discovered device to default by issuing the following command:
#service reset discovered-device
Note: For command description, see table.
mac <MAC> Optional. Specify the MAC address for a specific device. This is an optional parameter. Use it to discover a specific device.
Note: When specified, only the device with the specified MAC address is discovered.
interface <INTERFACE> Optional. Specify the interface on which the WNMP discovery request frames are to be broadcasted. The options available are:
  • <WORD> - Specify the Layer 2 interface name.
  • ge <INF-NUMBER> - Select GE interface index.
  • port-channel <INF-NUMBER> - Select the port-channel interface number.
Note: If not specified, the frames are broadcasted across all interfaces.
service show discovered-device {on <DEVICE-NAME}
show discovered-devices Displays Layer 2 devices that have responded to the WNMP discovery request frames broadcasted by a controller or service platform.
Note: This command can be issued by any of the management users.
Note: For information on how to initiate WNMP device discovery, see the preceding table.
on <DEVICE-NAME> Optional. Displays Layer 2 discovered devices on a specified device. This parameter is optional. If not specified, the command is executed on the self of the logged device.
  • <DEVICE-NAME> - Specify the controller, service platform or access point name.
service reset discovered-device <MAC> serial-number <NUMBER> {interface <INTERFACE>}
reset discovered-device Broadcasts a reset configuration request for a specified MAC address and serial number.
Note: This command can be issued only by a network-admin, system-admin, or device-provisioning-admin.
WiNG devices can discover and log Layer 2 devices that have lost MiNT connectivity and have no IP address. Post discovery, you can use this command to reset a specified device to default configuration.
Note: Virtual controllers will respond to WNMP discovery requests, but will not reset their configuration on receiving a WNMP reset message.
Only one device can be reset after each discovery process. Issue the command with the MAC and serial number of the discovered device that is to be reset to default configuration. However, the device will reset only if:
  • It's uptime is less than 10 minutes.
  • It's serial number is an exact match.
  • It is not adopted.
Note: To reset another device, run the discovery process again.

For information on how to initiate WNMP device discovery, see table.

For information on how to view discovered devices, see table.

For information on how to view discovered devices that have been reset to default, see following table.

<MAC> Specify the MAC address of the discovered device that is to be reset to default configuration.
serial-number <NUMBER> Specify the serial number of the discovered device that is to be reset to default configuration.
interface <INTERFACE> Optional. Specify the interface on which the reset request frames are to be broadcasted.
Note: If not specified, the reset request frame is broadcasted across all interfaces.
service show discovered-device {reset-log {mac <MAC>}} {(on <DEVICE-NAME>)}
show discovered-devices Displays Layer 2 devices that have responded to the WNMP Ethernet discovery request frames broadcasted by a controller or service platform.
Note: This command can be issued by any of the management users.
Note: For information on how to initiate WNMP device discovery, see table.
reset-log {mac <MAC>} Optional. Displays Layer 2 discovered devices that have responded to reset request frames. This parameter is optional. If not specified, all devices responding to the WNMP discovery request frames are displayed.
Note: For information on how to initiate a reset-request for a specific device, see preceding table.
on <DEVICE-NAME> Optional. Displays Layer 2 discovered devices on a specified device. This parameter is optional. If not specified, the command is executed on the self of the logged device.
  • <DEVICE-NAME> - Specify the controller, service platform or access point name.
service show last-passwd
show Displays running system statistics based on the parameters passed
last-passwd Displays the last password used to enter shell
service signal [abort <PROCESS-NAME>|kill <PROCESS-NAME>]
signal Sends a signal to a process
  • tech-support – Copies extensive system information useful for troubleshooting
abort Sends an abort signal to a process, and forces it to dump to core
  • <PROCESS-NAME> – Specify the process name.
kill Sends a kill signal to a process, and forces it to terminate without a core
  • <PROCESS-NAME> – Specify the process name.
service start-shell
start-shell Provides shell access
service trace <PROCESS-NAME> {summary}
trace Traces a process for system calls and signals
<PROCESS-NAME> Specifies the process name
summary Optional. Generates summary report of the specified process

Syntax (Privilege Exec Mode: NX9500/NX9600/VX9000)

Service Commands - Intro

service copy analytics-support [<FILE>|<URL>]

Parameters(Privilege Exec Mode: NX9500/NX9600/VX9000)

Service Commands - Intro

service copy analytics-support [<FILE>|<URL>]
copy analytics-support Enables copying of analytics information to a specified. Use one of the following options to specify the file:
Note: This information is useful to troubleshoot issues by the Technical Support team.
<FILE> Specify the file name and location using one of the following formats:
  • usb1:/path/file
  • usb2:/path/file
<URL> Specify the location URL to copy file. Both IPv4 and IPv6 formats are supported.
  • tftp://<hostname|IPv4/IPv6>[:port]/path/file
  • ftp://<user>:<passwd>@<hostname|IPv4/IPv6>[:port]/path/file
  • sftp://<user>:<passwd>@<hostname|IPv4/IPv6>[:port]>/path/file

Syntax (Global Config Mode)

Service Commands - Intro

service [set|show cli]
service set [command-history <10-300>|upgrade-history <10-100>|reboot-history <10-100>|
virtual-machine-history <10-200>] {on <DEVICE-NAME>}
service show cli

Parameters (Global Config Mode)

Service Commands - Intro

service set [command-history <10-300>|upgrade-history <10-100>|reboot-history <10-100>|
virtual-machine-history <10-200>] {on <DEVICE-NAME>}
set Sets the size of history files
command-history <10-300> Sets the size of the command history file
  • <10-300> – Specify a value from 10 - 300. The default is 200.
upgrade-history <10-100> Sets the size of the upgrade history file
  • <10-100> – Specify a value from 10 - 100. The default is 50.
reboot-history <10-100> Sets the size of the reboot history file
  • <10-100> – Specify a value from 10 - 100. The default is 50.
virtual-machine-history <10-200> Sets the size of the virtual-machine history file
  • <10-200> – Specify a value from 10 - 200. The default is 100.

This command is applicable only to the NX9500 and NX9600 series service platforms. Use the no > service > set > virtual-machine-history > {on <DEVICE-NAME>} command to revert the history file size to 100.

on <DEVICE-NAME>

Optional. Sets the size of history files on a specified device

  • <DEVICE-NAME> – Specify the name of the AP, wireless controller, or service platform.

service show cli
show cli Displays running system configuration details
  • cli – Displays the CLI tree of the current mode

Examples

Service Commands - Intro

nx9500-6C8809>service show cli
Command mode:  +-do
+-help [help]
  +-search
    +-WORD [help search WORD (|detailed|only-show|skip-show|skip-no)]
      +-detailed [help search WORD (|detailed|only-show|skip-show|skip-no)]
      +-only-show [help search WORD (|detailed|only-show|skip-show|skip-no)]
      +-skip-show [help search WORD (|detailed|only-show|skip-show|skip-no)]
      +-skip-no [help search WORD (|detailed|only-show|skip-show|skip-no)]
+-show
  +-commands [show commands]
  +-global
    +-device-list [show global device-list (|(filter {|(online)|(offline)|(rf-domain (|not) RF-DOMAIN)}))]
      +-filter [show global device-list (|(filter {|(online)|(offline)|(rf-domain (|not) RF-DOMAIN)}))]
        +-online [show global device-list (|(filter {|(online)|(offline)|(rf-domain (|not) RF-DOMAIN)}))]
        +-offline [show global device-list (|(filter {|(online)|(offline)|(rf-domain (|not) RF-DOMAIN)}))]
        +-rf-domain
          +-not
            +-RF-DOMAIN [show global device-list (|(filter {|(online)|(offline)|(rf-domain (|not) RF-DOMAIN)}))]
     --More--
nx9500-6C8809>
nx9500-6C8809#service signal abort testprocess
Sending an abort signal to testprocess
nx9500-6C8809#
ap505-13403B*#service show crash-info
-------------------------------------------------------------------------------------
                   CRASH FILE                     SIZE         LAST MODIFIED    
-------------------------------------------------------------------------------------
  panic_201902201741_AP505_7.1.0.0-075D.tar.gz   18727   Wed Feb 20 17:41:07 2019
-------------------------------------------------------------------------------------
ap505-13403B*#
nx9500-6C8809#service show command-history on ap8132-74B45C
Configured size of command history is 200

  Date & Time          User      Location           Command
=====================================================================
Nov 08 10:19:11 2017   admin     127.0.0.1 16      self
Nov 08 09:19:29 2017   admin     127.0.0.1 13      revert
Nov 08 09:18:52 2017   admin     127.0.0.1 13      interface radio 1
Nov 08 09:18:44 2017   admin     127.0.0.1 13      self
Nov 08 11:34:25 2017   admin     127.0.0.1 9      revert
Nov 08 11:34:06 2017   admin     127.0.0.1 9      self
Oct 06 07:15:18 2017   admin     Console 6      self
Oct 06 07:15:01 2017   admin     Console 6      self
Oct 06 07:14:17 2017   admin     Console 6      wr mem
Oct 06 07:14:12 2017   admin     Console 6      change-passwd
Oct 06 12:39:07 2017   admin     Console 6      reload force
Oct 06 12:38:49 2017   admin     Console 6      self
Oct 06 12:20:39 2017   admin     Console 6      write memory
Oct 06 12:20:33 2017   admin     Console 6      commit
--More--
nx9500-6C8809#
nx9500-6C8809#service show diag stats

fan 1 (System Fan 1) current speed: 2765 min_speed: 693 hysteresis: 250
fan 2 (System Fan 2) current speed: 3010 min_speed: 665 hysteresis: 250
fan 3 (System Fan 3) current speed: 2695 min_speed: 665 hysteresis: 250
fan 4 (System Fan 4) current speed: 3045 min_speed: 665 hysteresis: 250
fan 5 (System Fan 5) current speed: 6188 min_speed: 665 hysteresis: 250
fan 6 (System Fan 6) current speed: 5564 min_speed: 665 hysteresis: 250

Sensor 1 (Baseboard) Temperature 30.0 C
Sensor 2 (Front Panel) Temperature 20.0 C
Sensor 3 (PS1) Temperature 25.0 C
Sensor 4 (PS2) Temperature 27.0 C
Sensor 5 (HSBP) Temperature 21.0 C

nx9500-6C8809#
nx9500-6C8809#service show upgrade-history
Configured size of upgrade history is 50

  Date & Time            Old Version     New Version     Status
=====================================================================
Feb 02 08:34:30 2018 5.9.2.0-007D 5.9.2.0-008D Successful
Jan 29 09:40:12 2018 5.9.2.0-005D 5.9.2.0-007D Successful
Jan 03 10:32:08 2018 5.9.1.0-029R 5.9.2.0-005D Successful
Sep 22 10:31:03 2017 5.9.1.0-026B 5.9.1.0-029R Successful
Sep 15 12:07:21 2017 5.9.1.0-025B 5.9.1.0-026B Successful
Sep 12 15:24:16 2017 5.9.1.0-025D 5.9.1.0-025B Successful
Sep 11 12:09:07 2017 5.9.1.0-024D 5.9.1.0-025D Successful
Sep 04 13:59:54 2017 5.9.1.0-023D 5.9.1.0-024D Successful
Sep 01 10:06:22 2017 5.9.1.0-022D 5.9.1.0-023D Successful
--More--
nx9500-6C8809#
nx9500-6C8809#service show wireless reference reason-codes
 CODE  DESCRIPTION
  0    Success
  1    Unspecified Reason
  2    Previous authentication no longer valid
  3    Deauth because sending STA is leaving IBSS or ESS
  4    Disassoc due to inactivity
  5    Disassoc because AP is unable to handle all currently assoc STA
  6    Class 2 frame received from non-authenticated STA
  7    Class 3 frame received from nonassociated STA
  8    Disassoc because STA is leaving BSS
  9    STA requesting association is not authentication with corresponding STA
 10    Disassoc because info in the power capability elem is unacceptable
 11    Disassoc because info in the supp channels elem is unacceptable
 12    Reserved
--More--
nx9500-6C8809#
nx9500-6C8809#service show wireless reference reason-codes
 CODE  DESCRIPTION
  0    Success
  1    Unspecified Reason
  2    Previous authentication no longer valid
  3    Deauth because sending STA is leaving IBSS or ESS
  4    Disassoc due to inactivity
  5    Disassoc because AP is unable to handle all currently assoc STA
  6    Class 2 frame received from non-authenticated STA
  7    Class 3 frame received from nonassociated STA
  8    Disassoc because STA is leaving BSS
  9    STA requesting association is not authentication with corresponding STA
 10    Disassoc because info in the power capability elem is unacceptable
 11    Disassoc because info in the supp channels elem is unacceptable
--More--
nx9500-6C8809#
nx9500-6C8809>service show wireless config-internal
! Startup-Config-Playback Completed: Yes
no debug wireless
country-code in
nx9500-6C8809>
nx9500-6C8809#service show wireless log-internal
08:51:49.417: wlan:Starting credcache checkup/sync (credcache.c:1539)
08:31:47.416: wlan:Starting credcache checkup/sync (credcache.c:1539)
08:11:42.415: wlan:Starting credcache checkup/sync (credcache.c:1539)
07:51:42.412: wlan:Starting credcache checkup/sync (credcache.c:1539)
07:31:42.412: wlan:Starting credcache checkup/sync (credcache.c:1539)
07:11:37.409: wlan:Starting credcache checkup/sync (credcache.c:1539)
06:51:36.408: wlan:Starting credcache checkup/sync (credcache.c:1539)
06:31:27.408: wlan:Starting credcache checkup/sync (credcache.c:1539)
06:11:24.408: wlan:Starting credcache checkup/sync (credcache.c:1539)
05:51:21.407: wlan:Starting credcache checkup/sync (credcache.c:1539)
05:31:18.406: wlan:Starting credcache checkup/sync (credcache.c:1539)
05:11:11.405: wlan:Starting credcache checkup/sync (credcache.c:1539)

--More--
nx9500-6C8809#
nx9500-6C8809#service show xpath-history
-----------------------------------------------------------------------------------------------------------------------------
          DATE&TIME             USER                                    XPATH                                   DURATION(MS)
-----------------------------------------------------------------------------------------------------------------------------
  Mon Feb  5 14:20:38 2018    system    wing-stats/device/B4-C7-99-6C-88-09/upgrade-history                     10
  Mon Feb  5 14:16:37 2018    system    wing-stats/device/B4-C7-99-6C-88-09/service-info                        28
  Mon Feb  5 14:15:11 2018    system    wing-stats/device/B4-C7-99-6C-88-09/diag/temp                           449
  Mon Feb  5 14:15:09 2018    system    wing-stats/device/B4-C7-99-6C-88-09/diag/fan                            1748
  Mon Feb  5 14:12:49 2018    system    wing-stats/device/B4-C7-99-74-B4-5C/command-history                     49
  Fri Feb  2 16:10:58 2018    system    wing-stats/device/B4-C7-99-6C-88-09/content-filter/web_filter_policy    0
--More--
nx9500-6C8809#

The following example shows the service > show > virtual-machine-history output on a NX 9500 service platform:

nx9500-6C874D>service show virtual-machine-history
Configured size of virtual machine history is 100

  Date & Time        Virtual Machine  Event
=====================================================
Jan 16 05:39:46 2017  Domain-0         autostart 
Jan 10 03:47:09 2017  Domain-0         autostart
Jan 02 05:53:48 2017  Domain-0         autostart
Dec 27 10:52:59 2016  Domain-0         autostart
Oct 14 05:56:14 2016  Domain-0         autostart
Oct 14 03:01:48 2016  Domain-0         autostart
Oct 12 04:11:52 2016  Domain-0         autostart
Sep 30 04:41:08 2016  Domain-0         autostart
--More--
nx9500-6C874D>

Examples for the service > wireless > meshpoint command.

The following example displays meshpoint modules:
ROOT1-ap81xx-71174C#service wireless meshpoint zl mesh_root on ROOT1-ap81xx-71174C
       | SUBZONE
       | 0    1    2    3    4    5    6    7
-------+-----------------------------------------
  ZONE |
       | GEN  TX   RX   BEA  TXF
 2-LLC | 0    0    0    0    0
       | GEN  TX   RX   NBR  LQM  LSA
 3-ND  | 0    0    0    0    0    0
       | GEN
 4-ORL | 0
       | GEN  TX   RX   HEL  PRO
 5-LQ  | 0    0    0    0    0
       | GEN
 6-PS  | 0
       | GEN  ROOT NBR  REC
 7-RS  | 0    0    0    0
       | GEN
 8-IA  | 0
       | GEN  SET  GET
11-MGT | 0    0    0
       | GEN  RX   TX   R0   LMST LSUP LKEY KEY
13-LSA | 0    0    0    0    0    0    0    0
       | GEN  SCAN TRIG
14-ACS | 0    0    0
       | GEN
15-EAP | 0
       | GEN
16-L2P | 0

ROOT1-ap81xx-71174C#
In the preceding example,
  • The meshpoint name is mesh_root
  • The device on which the command is executed is ROOT1-ap81xx-71174C
  • The vertical ZONE column represents meshpoint modules. For example, 3-ND presents the Neighbor Discovery module.
  • The SUBZONE 0 to 7 represents the available processes for each of the zonal modules.
  • Debugging is disabled for all modules for the mesh-root meshpoint. A value of 0 (Zero) represents debugging disabled.
To enable meshpoint module debugging, specify the module number and the process number separated by a period (.). And then specify the debugging level from 0 - 7.
ROOT1-ap81xx-71174C#service wireless meshpoint zl mesh_root on ROOT1-ap81xx-71174C 3.2 7
In the preceding command,
  • The meshpoint module number provided is 3 (ND)
  • The process number provided is 2 (RX - Received signals from neighbors)
  • The debugging level provided is 7 (highest level - warning)
ROOT1-ap81xx-71174C#service wireless meshpoint zl mesh_root on ROOT1-ap81xx-71174C
       | SUBZONE
       | 0    1    2    3    4    5    6    7
-------+-----------------------------------------
  ZONE |
       | GEN  TX   RX   BEA  TXF
 2-LLC | 0    0    0    0    0
       | GEN  TX   RX   NBR  LQM  LSA
 3-ND  | 0    0    7(D) 0    0    0
       | GEN
 4-ORL | 0
       | GEN  TX   RX   HEL  PRO
 5-LQ  | 0    0    0    0    0
       | GEN
 6-PS  | 0
       | GEN  ROOT NBR  REC
 7-RS  | 0    0    0    0
       | GEN
 8-IA  | 0
       | GEN  SET  GET
11-MGT | 0    0    0
       | GEN  RX   TX   R0   LMST LSUP LKEY KEY
13-LSA | 0    0    0    0    0    0    0    0
       | GEN  SCAN TRIG
14-ACS | 0    0    0
       | GEN
15-EAP | 0
       | GEN
16-L2P | 0

ROOT1-ap81xx-71174C#

In the preceding example, level 7 debugging has been enabled only for the ND module‘s received signals. Note that debugging for all other modules and processes are still disabled.

To disable debugging for all modules, specify 0 (zero) in the command. For example:
ROOT1-ap81xx-71174C#service wireless meshpoint zl mesh_root on ROOT1-ap81xx-71174C 0
To enable debugging for all modules, specify the debugging level number. For example:
ROOT1-ap81xx-71174C#service wireless meshpoint zl mesh_root on ROOT1-ap81xx-71174C 5
ROOT1-ap81xx-71174C#service wireless meshpoint zl mesh_root on ROOT1-ap81xx-71174C
       | SUBZONE
       | 0    1    2    3    4    5    6    7
-------+-----------------------------------------
  ZONE |
       | GEN  TX   RX   BEA  TXF
 2-LLC | 5(N) 5(N) 5(N) 5(N) 5(N)
       | GEN  TX   RX   NBR  LQM  LSA
 3-ND  | 5(N) 5(N) 5(N) 5(N) 5(N) 5(N)
       | GEN
 4-ORL | 5(N)
       | GEN  TX   RX   HEL  PRO
 5-LQ  | 5(N) 5(N) 5(N) 5(N) 5(N)
       | GEN
 6-PS  | 5(N)
       | GEN  ROOT NBR  REC
 7-RS  | 5(N) 5(N) 5(N) 5(N)
       | GEN
 8-IA  | 5(N)
       | GEN  SET  GET
11-MGT | 5(N) 5(N) 5(N)
       | GEN  RX   TX   R0   LMST LSUP LKEY KEY
13-LSA | 5(N) 5(N) 5(N) 5(N) 5(N) 5(N) 5(N) 5(N)
       | GEN  SCAN TRIG
14-ACS | 5(N) 5(N) 5(N)
       | GEN
15-EAP | 5(N)
       | GEN
16-L2P | 5(N)

ROOT1-ap81xx-71174C#
nx9500-6C8809#service show diag fds
Process  open fds
cfgd      86
nx9500-6C8809#
nx9500-6C8809#service show diag pkts
Date: 11-4-2016, Time: 8:41:08.501033, Len: 64, 802.3, Proto: 0x8783, Vlan: 1, Priority: 0, Ingress: ge1, vlan1
Loop reason: Unknown(540)
TRUNCATED BB-7C-4D-80-C2-AC > 10-01-00-D2-68-99 at 64 bytes


Date: 11-4-2016, Time: 8:41:08.707631, Len: 64, 802.3, Proto: 0x8783, Vlan: 1, Priority: 0, Ingress: ge1, vlan1
Loop reason: Unknown(540)
TRUNCATED BB-7C-4D-80-C2-AC > 10-01-00-D2-68-99 at 64 bytes


Date: 11-4-2016, Time: 8:41:08.830963, Len: 64, 802.3, Proto: 0x8783, Vlan: 1, Priority: 0, Ingress: ge1, vlan1
Loop reason: Unknown(540)
TRUNCATED BB-7C-4D-83-30-A4 > 10-01-00-42-68-99 at 64 bytes

--More--
nx9500-6C8809#
nx9500-6C8809#service clear diag pkts
nx9500-6C8809#service show diag pkts
nx9500-6C8809#
nx9500-6C8809#service show diag psu
PSU1 (upper):
 status unplugged
PSU2 (lower):
 status normal
nx9500-6C8809#
The following examples show the purging of users from the guest-registration database:
nx7500-112233#service guest-registration delete ?
  all                 Delete all users
  email               Email address
  group               Group
  mac                 MAC address
  mobile              Mobile phone number
  name                Full name
  offline-for         Specify minimum amount of time offline
  otp-incomplete-for  Specify minimum amount of time registration with
                      one-time-passcode incomplete
  social              Social site used to log in
  wlan                Wireless LAN

nx7500-112233#
Purges users belonging to a specified RADIUS group.
nx7500-112233#service guest-registration delete group mac_reg_gr1
delete user status: delete users matching a group will take time, please wait
nx7500-112233#
Purges users using social-site (Facebook or Google) credentials to login.
nx7500-112233#service guest-registration delete social facebook 
delete user status: delete users matching a social category will take time, please wait
nx7500-112233#
Purges users inactive for a specified time period.
nx7500-112233#service guest-registration delete offline-for days 5
delete user status: Deleting users offline for minimum 5 days. This will take time, please wait
nx7500-112233#
Purges users who have failed to complete registration using the OTP within a specified time period.
nx7500-112233#service guest-registration delete otp-incomplete-for days 5
delete user status: Deleting registration with one-time-passcode incomplete for minimum 5 days. This will take time, please wait
nx7500-112233#
The following example displays IP ACLs to WLAN mapping summary on the ‘TechPubs‘ RF Domain:
nx9500-6C8809#service show ip-access-list wlan TechPubs status
Reporting Device: ap7161-99BB7C - success
Reporting Device: ap7532-80C2AC - success
Reporting Device: ap7562-84A224 - success
Reporting Device: nx9500-6C8809 - success
Reporting Device: ap8163-74B45C - success
Total reporting devices: 5
nx9500-6C8809#
Consider an RF Domain (name guest-domain) with 3 APs adopted to a controller. The CLI output for the service > show > ip-access-list command in this set up varies for different scenarios, as shown in the following examples:
  • Scenario 1: Executing the command on a device (access point).
    AP01#service show ip-access-list wlan status
    Reporting Device: AP01 - fail
    WLAN: XPO-Guest-PSK
      use ip-access-list in guest_access_inbound : fail
    Total reporting devices: 1
    AP01#
    AP01#service show ip-access-list wlan status detail
    ================================================================================
    Reporting Device: AP01
    --------------------------------------------------------------------------------
    WLAN: XPO-Guest-PSK
      use ip-access-list in guest_access_inbound : fail
      use ip-access-list out BC-MC-CONTROL : success
    --------------------------------------------------------------------------------
    WLAN: PartnerNet
      use ip-access-list in default : success
      use ip-access-list out default : success
    --------------------------------------------------------------------------------
    Total reporting devices: 1
    AP01#
  • Scenario 2: IP ACL to WLAN mapping is successful for all APs in a specified RF Domain.
    SW01#service show ip-access-list wlan status on guest-domain
    Reporting Device: AP01 - success
    Reporting Device: AP02 - success
    Reporting Device: AP03 - success
    Total reporting devices: 3
    SW01#
  • Scenario 3: IP ACL has failed in dataplane due to unknown reasons.
    SW01#service show ip-access-list wlan status on guest-domain
    Reporting Device: AP01 - fail
    WLAN: XPO-Guest-PSK
      use ip-access-list in guest_access_inbound : fail
    Reporting Device: AP02 - success
    Reporting Device: AP03 - success
    Total reporting devices: 3
    SW01#
    SW01#service show ip-access-list wlan status detail on guest-domain
    ================================================================================
    Reporting Device: AP01
    --------------------------------------------------------------------------------
    WLAN: XPO-Guest-PSK
      use ip-access-list in guest_access_inbound : fail
      use ip-access-list out BC-MC-CONTROL : success
    --------------------------------------------------------------------------------
    WLAN: PartnerNet
      use ip-access-list in guest_access_inbound : success
      use ip-access-list out BC-MC-CONTROL : success
    --------------------------------------------------------------------------------
    
    ================================================================================
    Reporting Device: AP02
    --------------------------------------------------------------------------------
    WLAN: PartnerNet
      use ip-access-list in guest_access_inbound : success
      use ip-access-list out BC-MC-CONTROL : success
    --------------------------------------------------------------------------------
    
    ================================================================================
    Reporting Device: AP03
    --------------------------------------------------------------------------------
    WLAN: PartnerNet
      use ip-access-list in guest_access_inbound : success
      use ip-access-list out BC-MC-CONTROL : success
    --------------------------------------------------------------------------------
    Total reporting devices: 3
    SW01#
  • Scenario 4: AP in RF Domain is unreachable or does not support this functionality.
    SW01#service show ip-access-list wlan status on guest-domain
    Reporting Device: AP01 - unreachable
    Reporting Device: AP02 - success
    Reporting Device: AP03 - success
    Total reporting devices: 3
    SW01#
    SW01#service show ip-access-list wlan status detail on guest-domain
    
    ================================================================================
    Reporting Device: AP01
    Timed out waiting for remote device: xpath=wing-stats/device/00-23-68-0B-86-38/firewall/
    ip_acl_intf_status/wlan[mac='*']
    
    ================================================================================
    Reporting Device: AP02
    --------------------------------------------------------------------------------
    WLAN: PartnerNet
      use ip-access-list in guest_access_inbound : success
      use ip-access-list out BC-MC-CONTROL : success
    --------------------------------------------------------------------------------
    
    ================================================================================
    Reporting Device: AP03
    --------------------------------------------------------------------------------
    WLAN: PartnerNet
      use ip-access-list in guest_access_inbound : success
      use ip-access-list out BC-MC-CONTROL : success
    --------------------------------------------------------------------------------
    Total reporting devices: 3
    SW01#