WLC Mesh Network Configuration

In this post we will learn about the configuration guide point to point wireless bridging using the Mesh Network solution from WLC.

This is my topology:

Mesh1

Right now I have both AP connected to WLC in local mode.

Remembering points:

  • An AP in mesh mode needs to be authorized to join a controller. So the first step is therefore to add there mac address.
  • Before converting to bridge mode we must add the mac address of the both APAP in Policies list or the MAC filtering list. From Security > AAA > AP Policies, click Add.
  • To configure Mesh, we will need to do multiple reboots of our APs. To reduce the number of reboots, configure all of the global Mesh settings first
  • Don’t use static IP address especially on MAP.

From Security > AAA > AP Policies, click Add.

Mesh2

Now place both AP into Bridge mode (just another name for Mesh mode).

LAP1:

Mesh3

LAP2:

Mesh4

After selection of Bridge mode we must apply it. Then both AP will reboot.

See the screenshot when both AP came as in Bridge Mode:

Mesh5

Once the AP reboots, a new MESH tab is available under:  Wireless > All APs, click on AP1 or AP2.

Mesh6

Here are few boxes which we should remember.

AP Role: Either RAP or MAP

Bridge Type: Indoor

Bridge Group Name (BGN): It’s like a workgroup name, allow the APs to know which AP are part of their group. (Here in my example we will take BGN as rscciew123)

Bridge Data Rates: Rate at which data is shared between the mesh access points. This is fixed for a whole network. Default data rate is 18 Mbps, which you should use for the backhaul. Valid data rates: for 802.11a: 6, 9, 12, 18, 24, 36, 48, and 54

Since AP2 will send its traffic through AP1, AP1 will be the RAP and AP2 will be the MAP. Don’t forget to configure an identical Bridge ID. (Otherwise leave it blank for both APs)

In Mesh tab, configure the rest of the AP settings.

  • Select RAP role to AP1 and assign BGN name (rscciew123)
  • Select MAP role to AP2 and assign BGN name (rscciew123)

And Apply. The APs will go through reboot again, and will take few minutes to rejoin to WLC.

*** MAPs use Adaptive Wireless Path Protocol (AWPP) to determine the best path through the mesh APs to their WLC. The protocol takes path decisions based on both link-quality and number of Mesh hops.

To prevent AP2 from simply connecting back up to the WLC through its wired port, Either place AP2 into VLAN 100(Not routable) or make the wired port shut for AP2, so that it has no path to the WLC except though its radios.

This is not mandatory- (When the APs come back up, AP1 will do another MAC auth. But AP2 will do a user auth. See the SNMP trap logs for the user name, and then create a local user with that name and make the password identical to the name.)We can see this error in trap log on WLC.

Now my Both AP is up.

Now check the status: Go to Wireless > All APs , far right on AP1 there is blue box ,click on that and select Neighbor Information

Mesh7

Mesh8

Verification:

We can also check from AP1 and AP2 CLI:

On AP1:

AP001#sh mesh status
 show MESH Status
 RootAP in state Maint
 Uplink Backbone: FastEthernet0,  hw FastEthernet0
 Configured BGN: rscciew123, Extended mode 0
 Children: Accept child
 rxNeighReq 187 rxNeighRsp 0 txNeighReq 0 txNeighRsp 187
 rxNeighRsp 653 txNeighUpd 3333
 nextchan 0 nextant 0 downAnt 0 downChan 0 curAnts 0
 nextNeigh 1, malformedNeighPackets 0,poorNeighSnr 0
 excludedPackets 0,insufficientMemory 0, authenticationFailures 0
 Parent Changes 1, Neighbor Timeouts 0
 Vector through XXXX.XX96.3404:
 Vector ease 1 -1, FWD: XXXX.XX96.3404
AP001#sh mesh adjacency child
 show MESH Adjacency Child
 ADJ 1 Identity YYYY.YY03.e31c MA: 003a.9914.137f ver 0x20 minver 0x0 on device Dot11Radio:1 txpkts 754 txretries 420
 Flags: CHILD BEACON
 worstDv 255 Ant 0, channel 64, biters 0, ppiters 10, fwd_state 3
 Numroutes 0, snr 0, snrUp 10 snrDown 0 linkSnr 0 blistExp 3 bliters 0
 adjustedEase 0 unadjustedEase 0 stickyEase 0 txParent 0 rxParent 0
 BGN rscciew123
 Vector through YYYY.YY03.e31c:
 Per antenna smoothed snr values: 0 0 0 0
 Subordinate neighbors: YYYY.YY03.e31c
 Hop-Count Extension: ON, Version: 1

On AP2:

AP002#sh mesh status
 show MESH Status
 MeshAP in state Maint
 Uplink Backbone: Virtual-Dot11Radio0,  hw Dot11Radio1
 Configured BGN: rscciew123, Extended mode 0
 Children: Accept child
 rxNeighReq 0 rxNeighRsp 213 txNeighReq 372 txNeighRsp 0
 rxNeighRsp 1094 txNeighUpd 966
 nextchan 0 nextant 0 downAnt 0 downChan 0 curAnts 0
 nextNeigh 3, malformedNeighPackets 0,poorNeighSnr 44
 excludedPackets 0,insufficientMemory 0, authenticationFailures 0
 Parent Changes 7, Neighbor Timeouts 0
 Vector through XXXX.XX96.3404:
 Vector ease 1 -1, FWD: XXXX.XX96.3404
AP002#sh mesh adjacency parent
 show MESH Adjacency Parent
 ADJ 1 Identity XXXX.XX96.3404 MA: 0022.bd98.3a3f ver 0x20 minver 0x20 on device Dot11Radio:1 txpkts 712 txretries 247
 Flags: UPDATED NEIGH PARENT BEACON
 worstDv 0 Ant 0, channel 64, biters 0, ppiters 10, fwd_state 3
 Numroutes 1, snr 0, snrUp 13 snrDown 10 linkSnr 9 blistExp 2 bliters 0
 adjustedEase 512 unadjustedEase 512 stickyEase 2048 txParent 349 rxParent 199
 Authentication: EAP, Encryption: AES-CCMP, Fwd-state: OPEN/CONTROL
 BGN rscciew123
 Vector through XXXX.XX96.3404:
 Vector ease 1 -1, FWD: XXXX.XX96.3404
 Per antenna smoothed snr values: 9 0 0 0
 Hop-Count Extension: ON, Version: 1
  

*** MAP is in Maint state, which indicates it has found a parent.

On WLC:

(WLAN1) >show ap summary
 Number of APs.................................... 2
 Global AP User Name.............................. admin
 Global AP Dot1x User Name........................ Not Configured
 AP Name             Slots  AP Model              Ethernet MAC       Location          Port  Country  Priority
 ------------------  -----  --------------------  -----------------  ----------------  ----  -------  ------
 AP001                2     AIR-LAP1242AG-E-K9    XX.XX.XX:96:34:04  default Location  1        DE       4
 AP002                2     AIR-LAP1242AG-E-K9    YY.YY.YY:03:e3:1c  default location  1        DE       4
  
 (WLAN1) >
 (WLAN1) >
 (WLAN1) >show mesh ap tree
 =======================================================
 ||  AP Name [Hop Counter, Link SNR, Bridge Group Name] ||
 =======================================================
 [Sector 1]
 ----------
 AP001[0,0,rscciew123]
 |-AP002[1,8,rscciew123]
 ----------------------------------------------------
 Number of Mesh APs............................... 2
 Number of RAPs................................... 1
 Number of MAPs................................... 1
 ----------------------------------------------------
 (WLAN1) >

This is all about basic configuration J

We can also force MAP to use specific RAP for the best path: How to configure it.

(WLAN1) > config mesh parent preferred <Cisco AP name> <mac address of preffered parent>

Configuring Global Mesh parameters

Wireless -> MESH

Mesh9

  • Range
    • Optimum distance that should exist between the RAP and the MAP
  • IDS
    • Normally this parameter applies to outdoor mesh access points to report Rouges to Controller.
    • IDS reports are generated for all traffic on the backhaul
  • Backhaul Client Access
    • It applies to APs with 2 or more radios.
    • When it’s disabled, 11a radio -> backhaul, 802.11b/g -> Client associations.
    • When enabled, Slot 1 can do both backhaul and client associations
    • When Extended Backhaul client access is enabled, even slot 2 can be used for client associations.
  • Mesh DCA Channel
    • When we change the channel under RRM then MAP will not detect this and they will continuously use that channel, so if we enable this feature the MAP will detect the channel change on RRM.
  • Global Public Safety
    • Disabled by default, we can enable this to use 4.9GHz range.(This range used by US Public Safety channels)
  • VLAN Transparent
    • It determines how VLAN tags are handled from the Ethernet bridged traffic
    • The VLAN tagging only works on non-backhaul Ethernet ports.
    • When enabled: VLAN tags are not supported and only 1 L2 VLAN ( Mesh AP vlan ) can be bridged when VLAN transparent is enabled
      • e the RAP , MAP ethernet ports must be configured as access ports on the switch
    • When this feature is disabled, all packets are tagged as non-VLAN transparent or VLAN-opaque . This implements VLAN tagging.
  • Security mode
    • PSK or EAP authentication can be enabled
      • EAP must be selected if external MAC authorization using a RADIUS server is configured
      • PSK or Local EAP authentication is performed within the controller if External MAC Filter authorization parameter is disabled.
    • External MAC filter authorization
      • If the MAC address is not found in the local MAC filter list, then the RADIUS server is checked.
      • Protects against rogue APs
    • Force External Authentication
      • When this is enabled along with External MAC filter authorization the RADIUS server decisions override the local MAC filter list.

Mesh Ethernet Bridging:

Mesh10

Ethernet Bridging: By default it’s disabled, traffic from MAP Ethernet is blocked on Backhaul. To allow traffic from MAP Ethernet we have to enable this feature on both RAP and MAP.

***Note: By default Ethernet bridging is not allowed, it’s dropped on RAP Ethernet port, untagged.   To allow VLAN tagging we must disable VLAN Transparent option (Wireless > Mesh). Once we disable it VLAN tag will be accepted.

Mesh11

RAP: Check the Ethernet Bridging Box and Apply

Now we will see the Ethernet interface under Mesh Tab, Click on it.

Mesh12

MAP:

Mesh13

 

Mesh14

Same we have to do on MAP.

Mesh15

RAP: Native VLAN 80, Trunk VLAN 35

MAP: Native VLAN 100, Trunk VLAN 35

Make sure that port for RAP and MAP configured as Trunk.

That’s all about Ethernet bridging 🙂

WGB with multiple VLAN in UWNS

In this post we will see how to configure a WGB for multiple VLAN in unified wireless environment. This is useful when we want to have wired client behind WGB in different VLAN.

WGB connects to a wired network over a single wireless segment by learning the MAC address of its wired clients on the Ethernet interface and reporting them to the lightweight access point using Internet Access Point Protocol (IAPP) messaging. The WGB provides wireless access connectivity to wired clients by establishing a single connection to the lightweight access point. The lightweight access point treats the WGB as a wireless client.

Remembering Points:

  • The workgroup bridge can be any autonomous access point that supports the workgroup bridge mode and is running Cisco IOS Release JA or greater (on 32-MB access points) or Cisco IOS Release 12.3(8) JEB or greater (on 16-MB access points).
  • On the wireless LAN controller, we should have software version 4.1.185.0 or later. The WGB mode is not supported on the controller on any of the earlier versions.
  • We do not need to configure anything on the controller to enable the WGB to communicate with the lightweight access point. However, to ensure proper communication, we should create a WLAN on the controller that matches the SSID and security method that was configured on the WGB.
  • LAP is acting as root AP for WGB.
  • We can only configure one radio for WGB mode to connect to LAP.
  • By default, access points treat workgroup bridges as client device.
  • WGB can support maximum 20 clients.
  • These lightweight features are supported for use with a workgroup bridge:
    • Guest N+1 redundancy
    • Local EAP
  • These lightweight features are not supported for use with a workgroup bridge:
  • Cisco Centralized Key Management (CCKM)
    • Hybrid REAP
    • Idle timeout
    • Web authentication
  • These features are not supported for wired clients connected to a workgroup bridge:
    • MAC filtering
    • Link tests
    • Idle timeout

My topology for this LAB:

Core Switch——-WLC——-LAP~~~~~~~~~~WGB———–Switch——Client

  • The Dynamic Host Configuration Protocol (DHCP) is configured for VLAN 80(On Core Switch) and 81(On WLC).
  • The WLC has the dynamic interfaces created for VLAN 80 and 81.
  • The WGB has sub-interfaces for required VLANs — 80 and 81.
  • The switch behind the WGB has required VLANs — 80 and 81.
  • WLC is connected with trunk port to Core switch and AP001 (LAP) is connected with access port.
  • WLC1 is configured with 2 dynamic interfaces: 80(Test) and 81(Coding)
  • Created a SSID”Test” with WPA2/AES – PSK as shown below.

WGB_MuVLAN1

Config. on Core Switch:

First we have to create DHCP pool and SVI interface for the management VLAN so that LAP and WGB can get the IP address. Here I created DHCP Pool “WGB” for VLAN 80 and configured the WLC and AP port with right configuration as shown below.

ip dhcp excluded-address 10.35.80.1 10.35.80.100
ip dhcp excluded-address 10.35.80.120 10.35.80.254
 !
 ip dhcp pool WGB
 network 10.35.80.0 255.255.255.0
 default-router 10.35.80.254
 option 43 ip 10.35.80.1
 lease 3
 !
 vlan 80
 name Management
 !
 vlan 81
 name coding
 !
 interface FastEthernet1/24
 description LAP - AP001
 switchport access vlan 80
 switchport mode access
 !
 interface FastEthernet0/25
 description *** WLC1  ***
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 80,81
 switchport mode trunk
 !
 interface Vlan80
 ip address 10.35.80.245 255.255.255.0

Configuration on WLC:

WLAN Configuration:

Step1: As shown in pic, I created a SSID Test with WPA2-PSK security policy and management interface assigned to it.

WGB_MuVLAN2

Step2: DHCP Scope for VLAN 81:

Wired client behind the WGB will get the IP from VLAN 81 so we have to create a DHCP scope for them in WLC.

WGB_MuVLAN3

Step3: Also enable the WGB by WLC CLI:

(WLC1) >config wgb vlan enable

By default its disabled and we must enable it to get WGB VLAN client connectivity.

Config of WGB:

  1. I am using the WGB to configured for the 2.4-GHz and that is 802.11b radio is 0. (We can only configure one radio for WGB mode to connect to LAP).
  2. To support multiple VLAN on WGB we have to use VLAN tagging feature which enables segregation of VLAN traffic based on the VLAN numbers for Unified WGB solution. When this feature is enabled, the WGB removes the 802.1q header while sending the packet from a VLAN client to the wireless LAN controller (WLC). WGB gets the packet to a VLAN client without 802.1q header and WGB code has to be modified to add the 802.1q header while forwarding the frame to the switch behind WGB.

WGB updates the WLC with the wired-client VLAN information in the Internet Access Point Protocol (IAPP) Association message. WLC treats the WGB client as a VLAN-client and forwards the packet in the right VLAN interface based on the source-mac-address.

In the upstream direction, WGB removes the 802.1q header from the packet while sending to the WLC.

In the downstream direction while forwarding the packet to the switch connecting the wired-client, the WLC sends the packet to WGB without the 802.1q tag and WGB adds a 4-byte 802.1q header based on the destination mac-address.

To enable VLAN tagging, we have to use this command:

(WLC1) > workgroup-bridge unified-vlan-client
  1. If you faced this kind of problem while testing: When wired client got connection to WGB but after sometime it automatically removed because of extended of time(specially the connected switch to WGB was losing IP address). To stop this we have to configure aging time on WGB. By using this command:
(WLC1) > bridge brige-group-number aging-time 65535

So here is the complete config for WGB:

hostname WGB
 !
 dot11 ssid Test
 vlan 80
 authentication open
 authentication key-management wpa version 2
 guest-mode
 wpa-psk ascii 7 105A0C0A114640585851
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid Test
 !
 station-role workgroup-bridge --> To define the role of this AP as WGB
 !
 interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 !
 interface Dot11Radio0.81
 encapsulation dot1Q 81
 no ip route-cache
 bridge-group 81
 !
 interface Dot11Radio1
 no ip address
 no ip route-cache
 shutdown
 !
 interface FastEthernet0
 no ip address
 no ip route-cache
 speed 100
 full-duplex
 !
 interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 !
 interface FastEthernet0.81
 encapsulation dot1Q 81
 no ip route-cache
 bridge-group 81
 !
 interface BVI1
 ip address dhcp
 no ip route-cache
 !
 ip default-gateway 10.35.80.254
 !
 workgroup-bridge unified-vlan-client --> To support multiple VLAN on WGB

Verification:

On WGB:

WGB#sh bridge
 Total of 300 station blocks, 293 free
 Codes: P - permanent, S - self
 Bridge Group 1:
 Address       Action   Interface       Age   RX count   TX count
 0022.bd98.3a30   forward   Vi0.80            2          3          0
 381c.1a89.f4c1   forward   Fa0.80            2         12          2
 381c.1a89.f481   forward   Fa0.80            0        654          0
 001e.4a81.4c96   forward   Vi0.80            0        386          4
 Bridge Group 81:
 381c.1a89.f4c2   forward   Fa0.81            3          1          0
 c434.6b25.80c8   forward   Fa0.81            0       2352          0
 381c.1a89.f481   forward   Fa0.81            0        316          0
WGB#sh dot11 associations
 802.11 Client Stations on Dot11Radio0:
 SSID [Test] :
 MAC Address    IP address      Device        Name            Parent         State
 0022.bd98.3a32 10.35.80.1      LWAPP-Parent AP001           -              Assoc
WGB#sh dot11 associations  0022.bd98.3a32
 Address           : 0022.bd98.3a32     Name             : AP001
 IP Address        : 10.35.80.1         Interface        : Dot11Radio 0
 Device            : LWAPP-Parent      Software Version : NONE
 CCX Version       : 5                  Client MFP       : On
 State             : Assoc              Parent           : -
 SSID              : Test
 VLAN              : 80
 Hops to Infra     : 0                  Association Id   : 1
 Tunnel Address    : 0.0.0.0
 Key Mgmt type     : WPAv2 PSK          Encryption       : AES-CCMP
 Current Rate      : 54.0               Capability       : WMM ShortHdr ShortSlot
 Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 Voice Rates       : disabled           Bandwidth        : 20 MHz
 Signal Strength   : -46  dBm           Connected for    : 989 seconds
 Signal to Noise   : 43  dB            Activity Timeout : 15 seconds
 Power-save        : Off                Last Activity    : 0 seconds ago
 Apsd DE AC(s)     : NONE
 Packets Input     : 672848             Packets Output   : 66093
 Bytes Input       : 128614720          Bytes Output     : 6258031
 Duplicates Rcvd   : 0                  Data Retries     : 3361
 Decrypt Failed    : 0                  RTS Retries      : 425
 MIC Failed        : 0                  MIC Missing      : 0
 Packets Redirected: 0                  Redirect Filtered: 0
  

ON WLC:

Via GUI:

WGB_MuVLAN4

WGB_MuVLAN5

WGB_MuVLAN6

Client got the IP in VLAN 81 ,which is connected with Switch.

WGB_MuVLAN7

Via CLI:

(WLC1) >show wgb summary
 WGB Vlan Client Support.......................... Enabled
 Number of WGBs................................... 1
 MAC Address        IP Address      AP Name            Status    WLAN  Auth  Protocol          Clients
 -----------------  --------------- -----------------  --------- ----  ----  ----------------  -------
 58:8d:09:03:e3:1c  10.35.80.110    AP001              Assoc     3     Yes   802.11g            2
(WLC1) >show wgb detail 58:8d:09:03:e3:1c
 Number of wired client(s): 2
 MAC Address        IP Address      AP Name            Mobility   WLAN Auth
 -----------------  --------------- -----------------  ---------- ---- ----
 c4:34:6b:25:80:c8  10.35.81.32     AP001              Local      3    Yes
 38:1c:1a:89:f4:c1  10.35.80.108    AP001              Local      3    Yes
(WLC1) >show client  summary
 Number of Clients................................ 3
 MAC Address       AP Name           Status        WLAN           Auth Protocol         Port Wired
 ----------------- ----------------- ------------- -------------- ---- ---------------- ---- -----
 38:1c:1a:89:f4:c1 AP001             Associated    3              Yes  N/A              1    N/A
 58:8d:09:03:e3:1c AP001             Associated    3              Yes  802.11g          1    N/A
 c4:34:6b:25:80:c8 AP001             Associated    3              Yes  N/A              1    N/A
(WLC1) >show client detail 58:8d:09:03:e3:1c --> My WGB
 Client MAC Address............................... 58:8d:09:03:e3:1c
 Client Username ................................. N/A
 AP MAC Address................................... 00:22:bd:98:3a:30
 AP Name.......................................... AP001
 Client State..................................... Associated
 Client NAC OOB State............................. Access
 Workgroup Bridge................................. 2 client(s)
 Wireless LAN Id.................................. 3
 BSSID............................................ 00:22:bd:98:3a:32
 Connected For ................................... 900 secs
 Channel.......................................... 1
 IP Address....................................... 10.35.80.110
 Association Id................................... 1
 Authentication Algorithm......................... Open System
 Reason Code...................................... 1
 Status Code...................................... 0
 Session Timeout.................................. 0
 Client CCX version............................... 5
 Client E2E version............................... No E2E support
 Diagnostics Capability........................... Not Supported
 S69 Capability................................... Not Supported
 QoS Level........................................ Silver
 802.1P Priority Tag.............................. disabled
 WMM Support...................................... Enabled
 Power Save....................................... OFF
 Current Rate..................................... 54.0
 Supported Rates.................................. 1.0,2.0,5.5,11.0,6.0,9.0,
 ............................................. 12.0,18.0,24.0,36.0,48.0,
 ............................................. 54.0
 Mobility State................................... Local
 Mobility Move Count.............................. 0
 Security Policy Completed........................ Yes
 Policy Manager State............................. RUN
 Policy Manager Rule Created...................... Yes
 ACL Name......................................... none
 ACL Applied Status............................... Unavailable
 Policy Type...................................... WPA2
 Authentication Key Management.................... PSK
 Encryption Cipher................................ CCMP (AES)
 Management Frame Protection...................... Yes
 EAP Type......................................... Unknown
 Interface........................................ management
 VLAN............................................. 80
 Quarantine VLAN.................................. 0
 Access VLAN...................................... 80
(WLC1) >show client detail 38:1c:1a:89:f4:c1 --> Switch in vlan 80
 Client MAC Address............................... 38:1c:1a:89:f4:c1
 Client Username ................................. N/A
 AP MAC Address................................... 00:22:bd:98:3a:30
 AP Name.......................................... AP001
 Client State..................................... Associated
 Client NAC OOB State............................. Access
 Workgroup Bridge Client.......................... WGB: 58:8d:09:03:e3:1c
 Wireless LAN Id.................................. 3
 BSSID............................................ 00:22:bd:98:3a:32
 Connected For ................................... 909 secs
 Channel.......................................... 1
 IP Address....................................... 10.35.80.108
 Association Id................................... 0
 Authentication Algorithm......................... Open System
 Reason Code...................................... 1
 Status Code...................................... 0
 Session Timeout.................................. 0
 Client CCX version............................... No CCX support
 QoS Level........................................ Silver
 802.1P Priority Tag.............................. disabled
 WMM Support...................................... Disabled
 Power Save....................................... OFF
 Supported Rates..................................
 Mobility State................................... Local
 Mobility Move Count.............................. 0
 Security Policy Completed........................ Yes
 Policy Manager State............................. RUN
 Policy Manager Rule Created...................... Yes
 ACL Name......................................... none
 ACL Applied Status............................... Unavailable
 Policy Type...................................... WPA2
 Authentication Key Management.................... N/A
 Encryption Cipher................................ None
 Management Frame Protection...................... No
 EAP Type......................................... Unknown
 Interface........................................ management
 VLAN............................................. 80
 Quarantine VLAN.................................. 0
 Access VLAN...................................... 0
 (WLC1) >show client detail c4:34:6b:25:80:c8 --> Client in VLAN 81
 Client MAC Address............................... c4:34:6b:25:80:c8
 Client Username ................................. N/A
 AP MAC Address................................... 00:22:bd:98:3a:30
 AP Name.......................................... AP001
 Client State..................................... Associated
 Client NAC OOB State............................. Access
 Workgroup Bridge Client.......................... WGB: 58:8d:09:03:e3:1c
 Wireless LAN Id.................................. 3
 BSSID............................................ 00:22:bd:98:3a:32
 Connected For ................................... 919 secs
 Channel.......................................... 1
 IP Address....................................... 10.35.81.32
 Association Id................................... 0
 Authentication Algorithm......................... Open System
 Reason Code...................................... 1
 Status Code...................................... 0
 Session Timeout.................................. 0
 Client CCX version............................... No CCX support
 QoS Level........................................ Silver
 802.1P Priority Tag.............................. disabled
 WMM Support...................................... Disabled
 Power Save....................................... OFF
 Supported Rates..................................
 Mobility State................................... Local
 Mobility Move Count.............................. 0
 Security Policy Completed........................ Yes
 Policy Manager State............................. RUN
 Policy Manager Rule Created...................... Yes
 ACL Name......................................... none
 ACL Applied Status............................... Unavailable
 Policy Type...................................... WPA2
 Authentication Key Management.................... N/A
 Encryption Cipher................................ None
 Management Frame Protection...................... No
 EAP Type......................................... Unknown
 Interface........................................ coding
 VLAN............................................. 81
 Quarantine VLAN.................................. 0
 Access VLAN...................................... 81

***Configuring a specific Client VLAN

If wired devices connected to the WGBs Ethernet port should all be assigned to a specific VLAN then we can configure a VLAN for the connected devices. By using this command on the WGB:

WGB(config)# workgroup-bridge client-vlan vlan-id

All the devices connected to the Workgroup Bridge’s Ethernet port are assigned to that VLAN.

That’s all for today 🙂