In this post we will learn how to configure a repeater to extend our wireless coverage.
To extend the range of our WLAN, we can add a repeater AP to the network. This repeater AP is not physically (wired) connected to the network; instead it is placed within radio range of the wired access point and of the clients that access the WLAN.
*** If an AP has two radios, only one can be used as a repeater. We must configure the other as a root radio.
*** A repeater can only connect to a root AP in autonomous mode.
Here is my test lab setup:
Client………..Repeater-AP…………Root-AP——–Switch
When we configure an AP as a repeater, the access point’s Ethernet port does not forward traffic.
*** After our AP is configured as a repeater, it shuts down its Ethernet connection. Any devices connected to the Ethernet port are disconnected from the AP.
Of course, we can configure multiple APs as repeaters, but throughput decreases as additional APs are added to the chain, because each repeater must receive and retransmit every packet on the same channel. Because of this, throughput is cut in half for each repeater added.
By default, a repeater AP connects to the root AP with which it has the best connectivity, but we can specify the AP to which the repeater associates. Setting up a static, specific association between a repeater and a root access point improves repeater performance.
Points to remember:
- It’s best to use repeaters to serve clients that do not require high throughput.
- Cisco AP repeaters work best when clients are Cisco devices. Problems occur when third-party devices try to associate with repeater APs.
- Ensure the data rates configured on the repeater AP match the data rates of the parent AP.
- We can’t configure multiple VLANs on repeater access points. Repeater access points support only native VLAN.
- If the repeater is connected to a root AP that has many BSSIDs, adding or deleting an SSID on the root AP might change the parent MAC address. So after making changes on the root AP, we must check the connectivity between the root AP and the repeater again.
Steps to Configure the AP as Repeater:
- Enable Aironet extensions on both the parent and repeater APs. These extensions are enabled by default; they improve the access point’s ability to understand the capabilities of Cisco Aironet client devices associated with the access point.
- Set up the SSID under the specific radio {0 or 1}.
- Assign the SSID as an infrastructure SSID. This is the SSID the repeater uses to associate to the root AP.
The infrastructure SSID must be assigned to the native VLAN. If more than one VLAN is created on an AP, an infrastructure SSID cannot be assigned to a non-native VLAN. The following message appears when the infrastructure SSID is configured on non-native VLAN:
    ap(config-ssid)#infrastructure-ssid optional
    Dot11Radio0: SSID Test must be configured as native-vlan before enabling infrastructure-ssid
    ap(config-ssid)#

*** The “optional” argument allows regular clients to associate as well.
- Establish this AP’s role as a repeater by using this command: station-role repeater
- We can enter MAC addresses for up to four parents. If the repeater fails to associate to the first parent, it moves to the next on the list. We can enter a timeout, which establishes how long the repeater tries to associate to a parent before it moves to the next.
Root AP/Repeater Configuration with WPA2 encryption.
On Root AP:
    hostname Root-AP
    !
    dot11 ssid RSCCIEW
       vlan 80
       authentication open
       authentication key-management wpa version 2
       infrastructure-ssid
       wpa-psk ascii 7 104D000A061843595F
    !
    interface Dot11Radio0
     no ip address
     no ip route-cache
     !
     encryption vlan 80 mode ciphers aes-ccm
     !
     ssid RSCCIEW
     !
     station-role root
    !
    interface Dot11Radio0.80
     encapsulation dot1Q 80 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    !
    interface FastEthernet0.80
     encapsulation dot1Q 80 native
     no ip route-cache
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    !
    interface BVI1
     ip address 10.35.80.110 255.255.255.0
     no ip route-cache
Repeater-AP:
    hostname Repeater-AP
    !
    dot11 ssid RSCCIEW
       vlan 80
       authentication open
       authentication key-management wpa version 2
       guest-mode
       infrastructure-ssid
       wpa-psk ascii 7 0822455D0A16544541
    !
    interface Dot11Radio0
     no ip address
     no ip route-cache
     !
     encryption vlan 80 mode ciphers aes-ccm
     !
     ssid RSCCIEW
     !
     station-role repeater
    !
    interface Dot11Radio0.80
     encapsulation dot1Q 80 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    !
    interface FastEthernet0.80
     encapsulation dot1Q 80 native
     no ip route-cache
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    !
    interface BVI1
     ip address 10.35.80.111 255.255.255.0
     no ip route-cache
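A pre-deployment check for the pair of configurations above, written as an added example (it is not part of the original post or any Cisco tool). It verifies the points the post calls out: same SSID, key management and cipher on both APs, an infrastructure SSID on the native VLAN, and the correct station roles. The function names and the abridged sample configuration are assumptions made for this sketch.

```python
import re

# Constructed sample: abridged from the Root-AP configuration above (PSK line omitted).
ROOT_CFG = """\
dot11 ssid RSCCIEW
 vlan 80
 authentication open
 authentication key-management wpa version 2
 infrastructure-ssid
!
interface Dot11Radio0
 encryption vlan 80 mode ciphers aes-ccm
 ssid RSCCIEW
 station-role root
!
interface Dot11Radio0.80
 encapsulation dot1Q 80 native
"""
# In this sample the repeater differs only in its station role.
REPEATER_CFG = ROOT_CFG.replace("station-role root", "station-role repeater")

def facts(cfg):
    """Pull out the settings that must line up between parent and repeater."""
    def find(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.group(1).strip() if m else None
    return {
        "ssid": find(r"^dot11 ssid (\S+)"),
        "vlan": find(r"^ +vlan (\d+)"),
        "key_mgmt": find(r"^ +authentication key-management (.+)$"),
        "cipher": find(r"^ +encryption (?:vlan \d+ )?mode ciphers (.+)$"),
        "infra": find(r"^ +(infrastructure-ssid)\b") is not None,
        "role": find(r"^ +station-role (\S+)"),
        "native": find(r"^ +encapsulation dot1Q (\d+) native"),
    }

def audit(root_cfg, repeater_cfg):
    """Return a list of findings; an empty list means the pair is consistent."""
    root, rep = facts(root_cfg), facts(repeater_cfg)
    out = [f"{k} mismatch: root={root[k]!r} repeater={rep[k]!r}"
           for k in ("ssid", "key_mgmt", "cipher") if root[k] != rep[k]]
    for name, f in (("root", root), ("repeater", rep)):
        if not f["infra"]:
            out.append(f"{name}: SSID is not an infrastructure-ssid")
        if f["vlan"] and f["vlan"] != f["native"]:
            out.append(f"{name}: SSID VLAN {f['vlan']} is not the native VLAN")
    if (root["role"], rep["role"]) != ("root", "repeater"):
        out.append(f"station-role: root={root['role']} repeater={rep['role']}")
    return out
```

Run `audit()` on the saved running-configs of both APs before bringing the repeater up; each returned string names one setting to correct.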
Once the configuration is complete, we will see this log:
*Oct 6 09:23:28.003: %DOT11-6-ASSOC: Interface Dot11Radio0, Station Repeater-AP 2894.0fa8.a594 Associated KEY_MGMT[WPAv2 PSK]
Now let’s connect a client to repeater AP and see its Status:
    Root-AP#sh dot11 ass
    802.11 Client Stations on Dot11Radio0:
    SSID [RSCCIEW] :
    MAC Address    IP address      Device        Name            Parent         State
    2894.0fa8.a594 10.35.80.111    ap1240-Rptr   Repeater-AP     self           Assoc
    5426.963e.4bee 10.35.80.108    Rptr-client   -               2894.0fa8.a594 Assoc
    Root-AP#
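The association table above can also be checked automatically, for example to confirm that only approved repeaters are extending the WLAN. The following is an added example, not part of the original post: it parses the output, maps each repeater to the clients behind it through the Parent column, and reports repeater MACs missing from an approved list. It assumes six whitespace-separated columns and that a repeater's Device value ends in "-Rptr" as in the sample; the function names are hypothetical.

```python
import re

# Constructed sample: the association table from the output above.
SHOW_DOT11_ASSOC = """\
802.11 Client Stations on Dot11Radio0:
SSID [RSCCIEW] :
MAC Address    IP address      Device        Name            Parent         State
2894.0fa8.a594 10.35.80.111    ap1240-Rptr   Repeater-AP     self           Assoc
5426.963e.4bee 10.35.80.108    Rptr-client   -               2894.0fa8.a594 Assoc
"""
MAC = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.I)
FIELDS = ("mac", "ip", "device", "name", "parent", "state")

def parse_associations(text):
    """Return one dict per station row (assumes six space-free columns)."""
    rows = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == len(FIELDS) and MAC.match(cols[0]):
            rows.append(dict(zip(FIELDS, cols)))
    return rows

def repeater_clients(rows):
    """Map each repeater MAC to the client MACs that reach the root through it."""
    tree = {}
    for r in rows:
        # Assumption: a repeater's Device value ends in "-Rptr", as in the sample.
        if r["device"].lower().endswith("-rptr"):
            tree.setdefault(r["mac"].lower(), [])
        # A MAC in the Parent column is the repeater the station sits behind.
        if MAC.match(r["parent"]):
            tree.setdefault(r["parent"].lower(), []).append(r["mac"].lower())
    return tree

def unapproved_repeaters(rows, approved):
    """Repeater MACs seen in the table that are not on the approved list."""
    return sorted(set(repeater_clients(rows)) - {m.lower() for m in approved})
```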
If we want to fix the repeater to associate to specific root APs, we can use the “parent <1-4> mac-address [timeout]” command under the radio interface of the repeater. A maximum of 4 parent MAC addresses is allowed. In our case we have only one Root-AP.
We can also enter a timeout value in seconds that determines how long the repeater attempts to associate to a parent access point before trying the next parent in the list. The timeout value ranges from 0 to 65535 seconds.
Here is the command:
Repeater-AP#conf t
Repeater-AP(config)#interface Dot11Radio0
Repeater-AP(config-if)#parent 1 003a.9914.1370
In the next post we will see repeater authentication via LEAP.