In this post we will learn how to configure AP as wireless bridge. I tried to find the documents on cisco but they are very limited.
Let’s learn something about Wireless Bridges.
Here is my Topology:
I have two 1240 model APs.
Root-AP: 10.35.80.110
Wireless-Bridge: 10.35.80.111
A wireless bridge is a Layer 2 device; it connects two or more LANs, which can be in different buildings, through the wireless interface. Wireless bridges provide higher data rates and superior throughput for data-intensive and line of sight applications. Wireless bridges eliminate the need for expensive leased lines and fiber-optic cables and mostly used to connect two sites where either WAN line is not available or available but expensive.
In this post I will create a WLAN “RSCCIEW” to connect Root-AP & Wireless-Bridge.
Remembering Points:
- It will always connect to Root-AP via Native VLAN.
- It can support multiple VLAN. (Not like Repeater).
Let’s start with configuration:
Basic Root-AP/Wireless-Bridge Configuration with WPA2 encryption/single SSID.
Root AP:
hostname Root-AP ! dot11 ssid RSCCIEW vlan 80 authentication open authentication key-management wpa version 2 infrastructure-ssid wpa-psk ascii 7 0822455D0A16544541 ! interface Dot11Radio0 no ip address no ip route-cache ! encryption vlan 80 mode ciphers aes-ccm ! ssid RSCCIEW ! station-role root bridge wireless-clients ! interface Dot11Radio0.80 encapsulation dot1Q 80 native no ip route-cache bridge-group 1 bridge-group 1 spanning-disabled ! interface FastEthernet0.80 encapsulation dot1Q 80 native no ip route-cache bridge-group 1 bridge-group 1 spanning-disabled ! interface BVI1 ip address 10.35.80.110 255.255.255.0 no ip route-cache ! ip default-gateway 10.35.80.254
Wireless-Bridge:
hostname Wireless-Bridge ! dot11 ssid RSCCIEW vlan 80 authentication open authentication key-management wpa version 2 guest-mode infrastructure-ssid wpa-psk ascii 7 030752180500701E1D ! interface Dot11Radio0 no ip address no ip route-cache ! encryption vlan 80 mode ciphers aes-ccm ! ssid RSCCIEW ! station-role non-root bridge wireless-clients ! interface Dot11Radio0.80 encapsulation dot1Q 80 native no ip route-cache bridge-group 1 bridge-group 1 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache speed 100 full-duplex ! interface FastEthernet0.80 encapsulation dot1Q 80 native no ip route-cache bridge-group 1 bridge-group 1 spanning-disabled ! interface BVI1 ip address 10.35.80.111 255.255.255.0 no ip route-cache ! ip default-gateway 10.35.80.254
Once completion of configuration, we will these logs:
*Dec 17 12:44:24.301: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0, Associated To AP Root-AP 003a.9914.1370 [None WPAv2 PSK]
Root-AP#sh dot11 associations 802.11 Client Stations on Dot11Radio0: SSID [RSCCIEW] : MAC Address IP address Device Name Parent State 003a.9a3e.a380 10.35.80.111 bridge Wireless-Bridge self Assoc Root-AP#sh dot11 associations 003a.9a3e.a380 Address : 003a.9a3e.a380 Name : Wireless-Bridge IP Address : 10.35.80.111 Interface : Dot11Radio 0 Device : bridge Software Version : 12.4 CCX Version : 5 Client MFP : On State : Assoc Parent : self SSID : RSCCIEW VLAN : 80 Hops to Infra : 1 Association Id : 1 Clients Associated: 1 Repeaters associated: 0 Tunnel Address : 0.0.0.0 Key Mgmt type : WPAv2 PSK Encryption : AES-CCMP Current Rate : 54.0 Capability : WMM ShortHdr ShortSlot Supported Rates : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 Voice Rates : disabled Bandwidth : 20 MHz Signal Strength : -13 dBm Connected for : 267 seconds Signal to Noise : 75 dB Activity Timeout : 30 seconds Power-save : Off Last Activity : 1 seconds ago Apsd DE AC(s) : NONE Packets Input : 5988 Packets Output : 3377 Bytes Input : 883945 Bytes Output : 513196 Duplicates Rcvd : 0 Data Retries : 233 Decrypt Failed : 0 RTS Retries : 0 MIC Failed : 0 MIC Missing : 0 Packets Redirected: 0 Redirect Filtered: 0 Session timeout : 0 seconds Reauthenticate in : never Root-AP#
Now let’s connect a client to Wireless-Bridge and see its status:
Root-AP#sh dot11 associations 802.11 Client Stations on Dot11Radio0: SSID [RSCCIEW] : MAC Address IP address Device Name Parent State 003a.9a3e.a380 10.35.80.111 bridge Wireless-Bridge self Assoc ac7b.a1d1.c289 10.35.80.109 Br-client Wireless-Bridge 003a.9a3e.a380 Assoc Root-AP# Root-AP#sh dot11 associations 003a.9a3e.a380 Address : 003a.9a3e.a380 Name : Wireless-Bridge IP Address : 10.35.80.111 Interface : Dot11Radio 0 Device : bridge Software Version : 12.4 CCX Version : 5 Client MFP : On State : Assoc Parent : self SSID : RSCCIEW VLAN : 80 Hops to Infra : 1 Association Id : 1 Clients Associated: 2 Repeaters associated: 0 Tunnel Address : 0.0.0.0 Key Mgmt type : WPAv2 PSK Encryption : AES-CCMP Current Rate : 54.0 Capability : WMM ShortHdr ShortSlot Supported Rates : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 Voice Rates : disabled Bandwidth : 20 MHz Signal Strength : -6 dBm Connected for : 127 seconds Signal to Noise : 81 dB Activity Timeout : 30 seconds Power-save : Off Last Activity : 0 seconds ago Apsd DE AC(s) : NONE Packets Input : 26129 Packets Output : 6816 Bytes Input : 4276916 Bytes Output : 1048109 Duplicates Rcvd : 0 Data Retries : 1204 Decrypt Failed : 0 RTS Retries : 29 MIC Failed : 0 MIC Missing : 0 Packets Redirected: 0 Redirect Filtered: 0 Session timeout : 0 seconds Reauthenticate in : never Root-AP#sh dot11 associations ac7b.a1d1.c289 Address : ac7b.a1d1.c289 Name : Wireless-Bridge IP Address : 10.35.80.109 Interface : Dot11Radio 0 Device : Br-client Software Version : NONE CCX Version : NONE Client MFP : Off State : Assoc Parent : 003a.9a3e.a380 SSID : RSCCIEW VLAN : 80 Hops to Infra : 0 Clients Associated: 0 Repeaters associated: 0 Root-AP#
*** If we want to authenticate Wireless-Bridge with LEAP(How to Authenticate with LEAP) or EAP-FAST(How to Authenticate with LEAP) then we have to use the same method as we did for Repeaters. Check my old post to use EAPFAST or LEAP to authenticate Repeater, Wireless Bridge, WGB, and Universal WGB.
Pingback: Autonomous AP as Wireless Bridge with Multiple VLAN | Towards CCIE Wireless