Autonomous AP as WGB (Single VLAN)

In this post we will learn how to configure an autonomous AP as WGB.

WGB can provide the wired connection to the devices which don’t have wireless adaptor so that device can directly connect to WGB Ethernet port to access the wireless network.

It can provide wireless connectivity to wired clients that are connected by Ethernet to the work-group bridge access point.00

WGB connect to root AP as a client through the wireless interface.

Basic Info:

  • Infrastructure SSID configuration not required
  • By default when the WGB associates with the root bridge, all the wired clients + the WGB are shown as normal clients.
  • A WGB can only pass one VLAN between the WGB and the root bridge(As Cisco recommend but it can also pass multiple)
  • Always use bridge-group 1 for the link between the root and WGB.
  • But if we use WGB multicast infrastructure mode on the WGB, we need to add infrastructure-client on the root AP side.
  • A WGB in standard mode is by default a “client”, not an “infrastructure client” and therefore cannot associate to an infrastructure SSID.
  • WGB is a mobile
  • Root AP can allow max 20WGB.(This must be test out)

 My Topology:

WGB_Vlan1

Remembering Points:

  1. The AP to which a WGB associates can treat the WGB as an infrastructure device or as a normal client. By default, AP treats WGB as client devices.
  1. If WGB is an infrastructure client, it can associate to an infrastructure SSID. Infrastructure SSIDs are used to authenticate Bridges, Repeaters…Etc. A WGB in by default is a “client”, not an “infrastructure client” and therefore cannot associate to an infrastructure SSID.

Use of Infrastructure-Client Command:

  1. Used for Reliable Multicast
  2. To make WGB as Infrastructure-Client so that WGB can associate to Infrastructure-SSID.

In my example WGB is connected root AP via RSCCIEW WLAN interface.

WGB authentication with LEAP-WPA2.

Here is the configuration:

Root AP:

RootAP#sh run
 !
 hostname RootAP
 !
 aaa new-model
 !
 aaa group server radius rad_eap
 server 192.168.11.35 auth-port 1112 acct-port 1113
 !
 aaa authentication login eap_method group rad_eap
 !
 dot11 ssid RSCCIEW
 vlan 11
 authentication open eap eap_method
 authentication network-eap eap_method
 authentication key-management wpa version 2
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 11 mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role root
 !
 interface Dot11Radio0.11
 encapsulation dot1Q 11 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
 !
 interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 no dfs band block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
 !
 interface FastEthernet0
 ip address dhcp
 no ip route-cache
 speed 100
 full-duplex
 !
 interface FastEthernet0.11
 encapsulation dot1Q 11 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 !
 interface BVI1
 ip address 192.168.11.35 255.255.255.0
 no ip route-cache
 !
 ip default-gateway 192.168.11.254
 radius-server local
 no authentication eapfast
 no authentication mac
 nas 192.168.11.35 key 7 13261E010803557878
 user WGB nthash 7 124C264F425B2A55790A770B166D743623445655067D7C077159504B477C017601
 !
 radius-server host 192.168.11.35 auth-port 1112 acct-port 1113 key 7 02250D4808095E731F
 bridge 1 route ip
 !
 end

WGB:

WGB#sh run
 !
 hostname WGB
 !
 no aaa new-model
 !
 dot11 ssid RSCCIEW
 authentication open eap test
 authentication network-eap test
 authentication key-management wpa version 2
 dot1x credentials wgbuser
 dot1x eap profile leap
 !
 eap profile leap
 method leap
 !
 dot1x credentials wgbuser
 username WGB
 password 7 060506324F41
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role workgroup-bridge
 bridge-group 1
 !
 interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 no dfs band block
 channel dfs
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
 !
 interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 bridge-group 1
 !
 interface BVI1
 ip address dhcp
 no ip route-cache
 !
 bridge 1 route ip
 bridge 1 address c434.6b27.0c11 forward FastEthernet0.11
 !
 end

Verification:

On Root AP

RootAP#sh dot11 associations
 802.11 Client Stations on Dot11Radio0:
 SSID [RSCCIEW] :
 MAC Address    IP address      Device        Name            Parent         State
 001d.7096.3404 192.168.11.36     WGB           WGB             self           EAP-Assoc
 c434.6b27.0c11 192.168.11.37     WGB-client    -               001d.7096.3404 Assoc
RootAP#sh dot11 associations 001d.7096.3404
 Address           : 001d.7096.3404     Name             : WGB
 IP Address        : 192.168.11.36        Interface        : Dot11Radio 0
 Device            : WGB                Software Version : 12.4
 CCX Version       : 5                  Client MFP       : On
 State             : EAP-Assoc          Parent           : self
 SSID              : RSCCIEW
 VLAN              : 11
 Hops to Infra     : 1                  Association Id   : 1
 Clients Associated: 1                  Repeaters associated: 0
 Tunnel Address    : 0.0.0.0
 Key Mgmt type     : WPAv2              Encryption       : AES-CCMP
 Current Rate      : 54.0               Capability       : WMM ShortHdr ShortSlot
 Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 Voice Rates       : disabled           Bandwidth        : 20 MHz
 Signal Strength   : -24  dBm           Connected for    : 102 seconds
 Signal to Noise   : 71  dB            Activity Timeout : 30 seconds
 Power-save        : Off                Last Activity    : 0 seconds ago
 Apsd DE AC(s)     : NONE
 Packets Input     : 213                Packets Output   : 29
 Bytes Input       : 47472              Bytes Output     : 3382
 Duplicates Rcvd   : 0                  Data Retries     : 3
 Decrypt Failed    : 0                  RTS Retries      : 0
 MIC Failed        : 0                  MIC Missing      : 0
 Packets Redirected: 0                  Redirect Filtered: 0
 Session timeout   : 0 seconds
 Reauthenticate in : never
RootAP#sh dot11 associations c434.6b27.0c11
 Address           : c434.6b27.0c11     Name             : NONE
 IP Address        : 192.168.11.37        Interface        : Dot11Radio 0
 Device            : WGB-client         Software Version : NONE
 CCX Version       : NONE               Client MFP       : Off
 State             : Assoc              Parent           : 001d.7096.3404
 SSID              : RSCCIEW
 VLAN              : 11
 Hops to Infra     : 0
 Clients Associated: 0                  Repeaters associated: 0

On WGB:

 *Mar  1 02:06:37.718: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0, Associated To AP RootAP 003a.9a3e.a380 [LEAP WPAv2]
  
  
 WGB#sh dot11 associations
 802.11 Client Stations on Dot11Radio0:
 SSID [RSCCIEW] :
 MAC Address    IP address      Device        Name            Parent         State
 003a.9a3e.a380 192.168.11.35     ap1240-Parent RootAP          -              EAP-Assoc
  
 WGB#sh dot11 associations 003a.9a3e.a380
 Address           : 003a.9a3e.a380     Name             : RootAP
 IP Address        : 192.168.11.35        Interface        : Dot11Radio 0
 Device            : ap1240-Parent      Software Version : 12.4
 CCX Version       : 5                  Client MFP       : On
 State             : EAP-Assoc          Parent           : -
 SSID              : RSCCIEW
 VLAN              : 0
 Hops to Infra     : 0                  Association Id   : 1
 Tunnel Address    : 0.0.0.0
 Key Mgmt type     : WPAv2              Encryption       : AES-CCMP
 Current Rate      : 54.0               Capability       : WMM ShortHdr ShortSlot
 Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 Voice Rates       : disabled           Bandwidth        : 20 MHz
 Signal Strength   : -28  dBm           Connected for    : 177 seconds
 Signal to Noise   : 66  dB            Activity Timeout : 11 seconds
 Power-save        : Off                Last Activity    : 4 seconds ago
 Apsd DE AC(s)     : NONE
 Packets Input     : 2475               Packets Output   : 732
 Bytes Input       : 402607             Bytes Output     : 316070
 Duplicates Rcvd   : 0                  Data Retries     : 4
 Decrypt Failed    : 0                  RTS Retries      : 0
 MIC Failed        : 0                  MIC Missing      : 0
 Packets Redirected: 0                  Redirect Filtered: 0
Advertisements

3 Comments

  1. Pingback: Autonomous AP as WGB (Multiple VLAN) | Towards CCIE Wireless

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s