Autonomous AP as Wireless Bridge with Multiple VLAN

In last post we learned about how to setup a root and non-root bridge. In this post we will see the configuration for multiple VLAN on Root, Non-Root Bridge for wireless clients.

Topology is same as it was in last post: Autonomous AP as Wireless Bridge

Again here I will use WPA2-PSK to authenticate both WLAN. One WLAN for Root-AP to Wireless-Bridge communication and other WLAN for clients to authenticate.

We will not waste our much time on theory, let’s directly jump to configuration:

Root AP:

hostname Root-AP
 !
 dot11 ssid RSCCIEW
 vlan 80
 authentication open
 authentication key-management wpa version 2
 infrastructure-ssid
 wpa-psk ascii 7 0822455D0A16544541
 !
 dot11 ssid BRIDGE-CLIENT
 vlan 81
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii 7 094F471A1A0A464058
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 encryption vlan 81 mode ciphers aes-ccm
 !
 ssid RSCCIEW
 ssid BRIDGE-CLIENT
 !
 station-role root bridge wireless-clients
 !
 interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 !
 interface Dot11Radio0.81
 encapsulation dot1Q 81
 bridge-group 81
 !
 interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 !
 interface FastEthernet0.81
 encapsulation dot1Q 81
 bridge-group 81
 !
 interface BVI1
 ip address 10.35.80.110 255.255.255.0
 no ip route-cache
 !
 ip default-gateway 10.35.80.254

Wireless-Bridge:

hostname Wireless-Bridge
 !
 dot11 ssid RSCCIEW
 vlan 80
 authentication open
 authentication key-management wpa version 2
 guest-mode
 infrastructure-ssid
 wpa-psk ascii 7 030752180500701E1D
 !
 dot11 ssid BRIDGE-CLIENT
 vlan 81
 authentication open
 authentication key-management wpa version 2
 guest-mode
 wpa-psk ascii 7 14141B180F0B7B7977
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 encryption vlan 81 mode ciphers aes-ccm
 !
 ssid RSCCIEW
 ssid BRIDGE-CLIENT
 !
 station-role non-root bridge wireless-clients
 !
 interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 !
 interface Dot11Radio0.81
 encapsulation dot1Q 81
 bridge-group 81
 !
 interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 !
 interface FastEthernet0.81
 encapsulation dot1Q 81
 bridge-group 81
 !
 interface BVI1
 ip address 10.35.80.111 255.255.255.0
 no ip route-cache
 !
 ip default-gateway 10.35.80.254

That’s all for configuration. Now we are ready to test a client for VLAN 81.

Root-AP#sh dot11 associations
 802.11 Client Stations on Dot11Radio0:
 SSID [RSCCIEW] :
 MAC Address    IP address      Device        Name            Parent         State
 003a.9a3e.a380 10.35.80.111    bridge        Wireless-Bridge self           Assoc
 ac7b.a1d1.c289 10.35.81.157    Br-client     Wireless-Bridge 003a.9a3e.a380 Assoc
 Root-AP#
 Root-AP#sh dot11 associations  003a.9a3e.a380
 Address           : 003a.9a3e.a380     Name             : Wireless-Bridge
 IP Address        : 10.35.80.111       Interface        : Dot11Radio 0
 Device            : bridge             Software Version : 12.4
 CCX Version       : 5                  Client MFP       : On
 State             : Assoc              Parent           : self
 SSID              : RSCCIEW
 VLAN              : 80
 Hops to Infra     : 1                  Association Id   : 1
 Clients Associated: 2                  Repeaters associated: 0
 Tunnel Address    : 0.0.0.0
 Key Mgmt type     : WPAv2 PSK          Encryption       : AES-CCMP
 Current Rate      : 48.0               Capability       : WMM ShortHdr ShortSlot
 Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 Voice Rates       : disabled           Bandwidth        : 20 MHz
 Signal Strength   : -6   dBm           Connected for    : 58 seconds
 Signal to Noise   : 82  dB            Activity Timeout : 30 seconds
 Power-save        : Off                Last Activity    : 1 seconds ago
 Apsd DE AC(s)     : NONE
  
 Packets Input     : 25049              Packets Output   : 6732
 Bytes Input       : 4102567            Bytes Output     : 1025396
 Duplicates Rcvd   : 0                  Data Retries     : 1185
 Decrypt Failed    : 0                  RTS Retries      : 29
 MIC Failed        : 0                  MIC Missing      : 0
 Packets Redirected: 0                  Redirect Filtered: 0
 Session timeout   : 0 seconds
 Reauthenticate in : never
 
Root-AP#sh dot11 associations  ac7b.a1d1.c289
 Address           : ac7b.a1d1.c289     Name             : Wireless-Bridge
 IP Address        : 10.35.81.157       Interface        : Dot11Radio 0
 Device            : Br-client          Software Version : NONE
 CCX Version       : NONE               Client MFP       : Off
  
 State             : Assoc              Parent           : 003a.9a3e.a380
 SSID              : RSCCIEW
 VLAN              : 81
 Hops to Infra     : 0
 Clients Associated: 0                  Repeaters associated: 0

Autonomous AP as Wireless Bridge

In this post we will learn how to configure AP as wireless bridge. I tried to find the documents on cisco but they are very limited.

Let’s learn something about Wireless Bridges.

Here is my Topology:

Wirelessbridge1

I have two 1240 model APs.

Root-AP: 10.35.80.110

Wireless-Bridge: 10.35.80.111

A wireless bridge is a Layer 2 device; it connects two or more LANs, which can be in different buildings, through the wireless interface. Wireless bridges provide higher data rates and superior throughput for data-intensive and line of sight applications. Wireless bridges eliminate the need for expensive leased lines and fiber-optic cables and mostly used to connect two sites where either WAN line is not available or available but expensive.

In this post I will create a WLAN “RSCCIEW” to connect Root-AP & Wireless-Bridge.

Remembering Points:

  • It will always connect to Root-AP via Native VLAN.
  • It can support multiple VLAN. (Not like Repeater).

Let’s start with configuration:

Basic Root-AP/Wireless-Bridge Configuration with WPA2 encryption/single SSID.

Root AP:

hostname Root-AP
 !
 dot11 ssid RSCCIEW
 vlan 80
 authentication open
 authentication key-management wpa version 2
 infrastructure-ssid
 wpa-psk ascii 7 0822455D0A16544541
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role root bridge wireless-clients
 !
 interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 !
 interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 !
 interface BVI1
 ip address 10.35.80.110 255.255.255.0
 no ip route-cache
 !
 ip default-gateway 10.35.80.254

Wireless-Bridge:

hostname Wireless-Bridge
 !
 dot11 ssid RSCCIEW
 vlan 80
 authentication open
 authentication key-management wpa version 2
 guest-mode
 infrastructure-ssid
 wpa-psk ascii 7 030752180500701E1D
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role non-root bridge wireless-clients
 !
 interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 !
 interface FastEthernet0
 no ip address
 no ip route-cache
 speed 100
 full-duplex
 !
 interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 spanning-disabled
 !
 interface BVI1
 ip address 10.35.80.111 255.255.255.0
 no ip route-cache
 !
 ip default-gateway 10.35.80.254

Once completion of configuration, we will these logs:

*Dec 17 12:44:24.301: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0, Associated To AP Root-AP 003a.9914.1370 [None WPAv2 PSK]
Root-AP#sh dot11 associations
 802.11 Client Stations on Dot11Radio0:
 SSID [RSCCIEW] :
 MAC Address    IP address      Device        Name            Parent         State
 003a.9a3e.a380 10.35.80.111    bridge        Wireless-Bridge self           Assoc
  
 Root-AP#sh dot11 associations 003a.9a3e.a380
 Address           : 003a.9a3e.a380     Name             : Wireless-Bridge
 IP Address        : 10.35.80.111       Interface        : Dot11Radio 0
 Device            : bridge             Software Version : 12.4
 CCX Version       : 5                  Client MFP       : On
 State             : Assoc              Parent           : self
 SSID              : RSCCIEW
 VLAN              : 80
 Hops to Infra     : 1                  Association Id   : 1
 Clients Associated: 1                  Repeaters associated: 0
 Tunnel Address    : 0.0.0.0
 Key Mgmt type     : WPAv2 PSK          Encryption       : AES-CCMP
 Current Rate      : 54.0               Capability       : WMM ShortHdr ShortSlot
 Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 Voice Rates       : disabled           Bandwidth        : 20 MHz
 Signal Strength   : -13  dBm           Connected for    : 267 seconds
 Signal to Noise   : 75  dB            Activity Timeout : 30 seconds
 Power-save        : Off                Last Activity    : 1 seconds ago
 Apsd DE AC(s)     : NONE
  
 Packets Input     : 5988               Packets Output   : 3377
 Bytes Input       : 883945             Bytes Output     : 513196
 Duplicates Rcvd   : 0                  Data Retries     : 233
 Decrypt Failed    : 0                  RTS Retries      : 0
 MIC Failed        : 0                  MIC Missing      : 0
 Packets Redirected: 0                  Redirect Filtered: 0
 Session timeout   : 0 seconds
 Reauthenticate in : never
 Root-AP#

Now let’s connect a client to Wireless-Bridge and see its status:

Root-AP#sh dot11 associations
 802.11 Client Stations on Dot11Radio0:
 SSID [RSCCIEW] :
 MAC Address    IP address      Device        Name            Parent         State
 003a.9a3e.a380 10.35.80.111    bridge        Wireless-Bridge self           Assoc
 ac7b.a1d1.c289 10.35.80.109    Br-client     Wireless-Bridge 003a.9a3e.a380 Assoc
 Root-AP#
 Root-AP#sh dot11 associations 003a.9a3e.a380
 Address           : 003a.9a3e.a380     Name             : Wireless-Bridge
 IP Address        : 10.35.80.111       Interface        : Dot11Radio 0
 Device            : bridge             Software Version : 12.4
 CCX Version       : 5                  Client MFP       : On
 State             : Assoc              Parent           : self
 SSID              : RSCCIEW
 VLAN              : 80
 Hops to Infra     : 1                  Association Id   : 1
 Clients Associated: 2                  Repeaters associated: 0
 Tunnel Address    : 0.0.0.0
 Key Mgmt type     : WPAv2 PSK          Encryption       : AES-CCMP
 Current Rate      : 54.0               Capability       : WMM ShortHdr ShortSlot
 Supported Rates   : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 Voice Rates       : disabled           Bandwidth        : 20 MHz
 Signal Strength   : -6   dBm           Connected for    : 127 seconds
 Signal to Noise   : 81  dB            Activity Timeout : 30 seconds
 Power-save        : Off                Last Activity    : 0 seconds ago
 Apsd DE AC(s)     : NONE
 Packets Input     : 26129              Packets Output   : 6816
 Bytes Input       : 4276916            Bytes Output     : 1048109
 Duplicates Rcvd   : 0                  Data Retries     : 1204
 Decrypt Failed    : 0                  RTS Retries      : 29
 MIC Failed        : 0                  MIC Missing      : 0
 Packets Redirected: 0                  Redirect Filtered: 0
 Session timeout   : 0 seconds
 Reauthenticate in : never
 Root-AP#sh dot11 associations ac7b.a1d1.c289
 Address           : ac7b.a1d1.c289     Name             : Wireless-Bridge
 IP Address        : 10.35.80.109       Interface        : Dot11Radio 0
 Device            : Br-client          Software Version : NONE
 CCX Version       : NONE               Client MFP       : Off
 State             : Assoc              Parent           : 003a.9a3e.a380
 SSID              : RSCCIEW
 VLAN              : 80
 Hops to Infra     : 0
 Clients Associated: 0                  Repeaters associated: 0
 Root-AP#

*** If we want to authenticate Wireless-Bridge with LEAP(How to Authenticate with LEAP) or EAP-FAST(How to Authenticate with LEAP) then we have to use the same method as we did for Repeaters. Check my old post to use EAPFAST or LEAP to authenticate Repeater, Wireless Bridge, WGB, and Universal WGB.

Autonomous AP as Repeater with LEAP

In the last post we learnt about Repeater configuration and authenticaion via WPA2-PSK. Here is the link : Autonomous AP as Repeater with WPA2

In last post we also learned the basic concept and theoretical knowledge of repeater and there usage.

In this post we will directly conifgure the Root AP/Repeater AP with LEAP Authentication.

Here is the configuration of Root and Repeater AP.

Root AP:

hostname Root-AP
 !
 aaa new-model
 !
 aaa group server radius rad_eap
 server 10.35.80.110 auth-port 1812 acct-port 1813
 !
 aaa authentication login eap_method group rad_eap
 !
 dot11 ssid RSCCIEW
 vlan 80
 authentication network-eap eap_method
 authentication key-management wpa version 2
 infrastructure-ssid
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role root
 !
 interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
 !
 interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 !
 interface BVI1
 ip address 10.35.80.110 255.255.255.0
 no ip route-cache
 !
 ip default-gateway 10.35.80.254
 radius-server local
 nas 10.35.80.110 key 7 070C285F4D06485744
 nas 10.35.80.111 key 7 14141B180F0B7B7977
 user repeater nthash 7 144231535C540C7A77096016074B51332753030D0877705A264F450A09720A7307
 user sandeep nthash 7 101B2A415547345A5F25790801706510064152425325720D7D04075D523D4F780A
 !
 radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 070C285F4D06485744

Repeater AP:

hostname Repeater-AP
 !
 aaa new-model
 !
 aaa group server radius rad_eap
 server 10.35.80.110 auth-port 1812 acct-port 1813
 !
 aaa authentication login eap_method group rad_eap
 !
 dot11 ssid RSCCIEW
 vlan 80
 authentication open eap eap_method --> also need to add the open EAP for clients which may associate with Repeater AP.
 authentication network-eap eap_method
 authentication key-management wpa version 2
 dot1x credentials LEAP
 dot1x eap profile LEAP
 guest-mode
 infrastructure-ssid
 !
 eap profile LEAP
 method leap
 !
 dot1x credentials LEAP
 username repeater
 password 7 01100F175804
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid RSCCIEW
 !
 station-role repeater
 !
 interface Dot11Radio0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
 !
 interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
 !
 interface BVI1
 ip address 10.35.80.111 255.255.255.0
 no ip route-cache
 !
 radius-server host 10.35.80.110 auth-port 1812 acct-port 1813 key 7 030752180500701E1D

This is the notification we get after authentication:

 *Dec 17 10:40:02.500: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0, Associated To AP Root-AP 003a.9914.1370 [LEAP WPAv2]

Here is the client status:

Root-AP#sh dot11 associations
 802.11 Client Stations on Dot11Radio0:
 SSID [RSCCIEW] :
 MAC Address    IP address      Device        Name            Parent         State
 2894.0fa8.a594 10.35.80.111    ap1240-Rptr   Repeater-AP     self           EAP-Assoc
 ac7b.a1d1.c289 10.35.80.109    Rptr-client   Repeater-AP     2894.0fa8.a594 EAP-Assoc
 Root-AP#
 Root-AP#sh dot11 ass
 Root-AP#sh dot11 associations  ac7b.a1d1.c289
 Address           : ac7b.a1d1.c289     Name             : Repeater-AP
 IP Address        : 10.35.80.109       Interface        : Dot11Radio 0
 Device            : Rptr-client        Software Version : NONE
 CCX Version       : NONE               Client MFP       : Off
 State             : EAP-Assoc          Parent           : 2894.0fa8.a594
 SSID              : RSCCIEW
 VLAN              : 80
 Hops to Infra     : 0
 Clients Associated: 0                  Repeaters associated: 0
 Root-AP#

In the next post we will learn how to Authenticate Repeater via EAP-FAST.

WGB with LEAP in UWNS

In this post we will see how to configure the WGB with WPA2-Dot1x LEAP authentication security in Unified Wireless Network Solutions.

I have a lightweight AP (AP001) connected to WLC1 in local mode.

DHCP functionality is defined on Core switch for VLAN 80

WGB and Client will get IP in VLAN 80.

Here is my Topology

WGB°°°°°°°°°°°°°LAP—————-Switch————–WLC

Leap1

WLC Configuration:

First we have to configure a WLAN “Test” with WPA2 policy and 802.1x authentication key management.

Leap2

Leap3

Now we have to create an EAP Profile “WGB_TEST” and assign it to WLAN for LEAP authentication.

Leap4

Leap5

We must assign the order of authentication for local EAP.

Leap6

End of WLC configuration, we should create a username and password to authenticate with WGB and assign this user to specific WLAN.

Leap7

WGB Configuration:

Here is the configuration for Work Group Bridge.

hostname WGB
 !
 dot11 ssid Test
 vlan 80
 authentication open eap eap_Leap
 authentication network-eap eap_Leap
 authentication key-management wpa version 2
 dot1x credentials WGB_LEAP
 dot1x eap profile WGB_TEST
 !
 eap profile WGB_TEST
 method leap
 !
 dot1x credentials WGB_LEAP
 username sandeep
 password 7 105A0C0A114640585851
 !
 interface Dot11Radio0
 no ip address
 no ip route-cache
 shutdown
 !
 interface Dot11Radio1
 no ip address
 no ip route-cache
 !
 encryption vlan 80 mode ciphers aes-ccm
 !
 ssid Test
 !
 station-role workgroup-bridge
 !
 interface Dot11Radio1.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 !
 interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 !
 interface FastEthernet0.80
 encapsulation dot1Q 80 native
 no ip route-cache
 bridge-group 1
 !
 interface BVI1
 ip address DHCP
 no ip route-cache
 !
 ip default-gateway 10.35.80.254
 bridge 1 address 588d.0903.e31c forward fastethernet0.80 -->Used to add permanent entry in WGB Table

Just after completing the configuration we will see this message on WGB CLI:

*Jul 24 01:25:59.817: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio1, Associated To AP AP001 0022.bd98.3a3d [LEAP WPAv2]

Verification:

WGB#sh dot11 associations
 802.11 Client Stations on Dot11Radio1:
 SSID [Test] :
 MAC Address    IP address      Device        Name            Parent         State
 0022.bd98.3a3d 10.35.80.1      LWAPP-Parent AP001           -              EAP-Assoc
WGB#sh dot11 associations 0022.bd98.3a3d
 Address           : 0022.bd98.3a3d     Name             : AP001
 IP Address        : 10.35.80.1         Interface        : Dot11Radio 1
 Device            : LWAPP-Parent      Software Version : NONE
 CCX Version       : 5                  Client MFP       : On
 State             : EAP-Assoc          Parent           : -
 SSID              : Test
 VLAN              : 80
 Hops to Infra     : 0                  Association Id   : 1
 Tunnel Address    : 0.0.0.0
 Key Mgmt type     : WPAv2              Encryption       : AES-CCMP
 Current Rate      : 48.0               Capability       : WMM 11h
 Supported Rates   : 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 Voice Rates       : disabled           Bandwidth        : 20 MHz
 Signal Strength   : -75  dBm           Connected for    : 296 seconds
 Signal to Noise   : 23  dB            Activity Timeout : 15 seconds
 Power-save        : Off                Last Activity    : 0 seconds ago
 Apsd DE AC(s)     : NONE
 Packets Input     : 5097               Packets Output   : 266
 Bytes Input       : 944287             Bytes Output     : 26379
 Duplicates Rcvd   : 0                  Data Retries     : 121
 Decrypt Failed    : 0                  RTS Retries      : 0
 MIC Failed        : 0                  MIC Missing      : 0
 Packets Redirected: 0                  Redirect Filtered: 0
(WLC1) >show wgb summary
 WGB Vlan Client Support.......................... Enabled
 Number of WGBs................................... 1
 MAC Address        IP Address      AP Name            Status    WLAN  Auth  Protocol          Clients
 -----------------  --------------- -----------------  --------- ----  ----  ----------------  -------
 58:8d:09:03:e3:1c  10.35.80.110    AP001              Assoc     3     Yes   802.11a            0
(WLC1) >show client summary
 Number of Clients................................ 1
 MAC Address       AP Name           Status        WLAN           Auth Protocol         Port Wired
 ----------------- ----------------- ------------- -------------- ---- ---------------- ---- -----
 58:8d:09:03:e3:1c AP001             Associated    3              Yes  802.11a          1    N/A
(WLC1) >show client detail 58:8d:09:03:e3:1c
 Client MAC Address............................... 58:8d:09:03:e3:1c
 Client Username ................................. sandeep
 AP MAC Address................................... 00:22:bd:98:3a:30
 AP Name.......................................... AP001
 Client State..................................... Associated
 Client NAC OOB State............................. Access
 Workgroup Bridge................................. 0 client(s)
 Wireless LAN Id.................................. 3
 BSSID............................................ 00:22:bd:98:3a:3d
 Connected For ................................... 445 secs
 Channel.......................................... 36
 IP Address....................................... 10.35.80.110
 Association Id................................... 1
 Authentication Algorithm......................... Open System
 Reason Code...................................... 1
 Status Code...................................... 0
 Client CCX version............................... 5
 Client E2E version............................... No E2E support
 Diagnostics Capability........................... Not Supported
 S69 Capability................................... Not Supported
 Re-Authentication Timeout........................ 85947
 QoS Level........................................ Silver
 802.1P Priority Tag.............................. disabled
 WMM Support...................................... Enabled
 Power Save....................................... OFF
 Current Rate..................................... 54.0
 Supported Rates.................................. 6.0,9.0,12.0,18.0,24.0,36.0,
 ............................................. 48.0,54.0
 Mobility State................................... Local
 Mobility Move Count.............................. 0
 Security Policy Completed........................ Yes
 Policy Manager State............................. RUN
 Policy Manager Rule Created...................... Yes
 ACL Name......................................... none
 ACL Applied Status............................... Unavailable
 Policy Type...................................... WPA2
 Authentication Key Management.................... 802.1x
 Encryption Cipher................................ CCMP (AES)
 Management Frame Protection...................... Yes
 EAP Type......................................... LEAP
 Interface........................................ management
 VLAN............................................. 80
 Quarantine VLAN.................................. 0
 Access VLAN...................................... 80

In the next post we will see how to configure WGB with EAP-FAST in UWNS 🙂