
Cisco 4400 Series Wireless LAN Controllers

Workgroup Bridges in a Cisco Unified Wireless Network Configuration Example

Document ID: 100254



Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Workgroup Bridge in a Cisco Unified Wireless Network
      Workgroup Bridge Limitations
      MAC Filtering for WGB Wired Clients
Configure
      Network Diagram
      How to Configure the Workgroup Bridge
      How to Configure the Wireless LAN Controller (WLC)
Verify and Troubleshoot
      Verify
      Troubleshoot

Introduction

This document provides an example for the configuration of Cisco Autonomous IOS® access points to operate in Workgroup Bridge (WGB) mode and connect to a Cisco Unified Wireless network.

Prerequisites

Requirements

Ensure that you meet these requirements before you attempt this configuration:

  • Knowledge of the Cisco Autonomous solution and Cisco IOS-based access points.

  • Knowledge of the Lightweight Access Point Protocol (LWAPP).

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco 1231G AP that runs Cisco IOS Software Release 12.3(8)JEC

  • Cisco 4400 WLC that runs version 4.2

  • Cisco 1130 series Lightweight AP

The WGB can be any Cisco Autonomous Access Point that supports the Workgroup Bridge mode and runs Cisco IOS Software Release 12.4(3g)JA or later (on 32-MB access points) or Cisco IOS Software Release 12.3(8)JEB or later (on 16-MB access points). These access points include the AP1120, AP1121, AP1130, AP1231, AP1240, and AP1310. Cisco IOS software releases prior to Cisco IOS Software Releases 12.4(3g)JA and 12.3(8)JEB are not supported.

On the Wireless LAN Controller, you should have software version 4.1.185.0 or later. The Workgroup Bridge mode is not supported on the controller on any of the earlier versions.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Workgroup Bridge in a Cisco Unified Wireless Network

The 1100, 1130, 1200, 1230, and 1240 series access points can be configured to operate as a workgroup bridge. When you configure the access point to operate as a workgroup bridge and connect to a Cisco Unified network, it can provide wireless connectivity to wired clients that are connected by Ethernet to the workgroup bridge access point. For example, if you need to provide wireless connectivity for a group of wired devices, you can connect the devices to a hub or to a switch, connect the hub or switch to the access point Ethernet port, and configure the access point as a workgroup bridge.

A workgroup bridge connects to a wired network over a single wireless segment by learning the MAC addresses of its wired clients on the Ethernet interface and reporting them to the lightweight access point using Internet Access Point Protocol (IAPP) messaging. The workgroup bridge provides wireless access connectivity to wired clients by establishing a single connection to the lightweight access point. The lightweight access point treats the workgroup bridge as a wireless client.

If your access point has two radios, either the 2.4-GHz radio or the 5-GHz radio can function in workgroup bridge mode. When you configure one radio interface as a workgroup bridge, the other radio interface remains up.

Workgroup Bridge Limitations

There are a few limitations when using the AP in WGB mode:

  • Only WGBs in client mode (which is the default value) are supported. Those in infrastructure mode are not supported.

  • Multiple VLANs are not supported for use with WGBs.

  • A maximum of 20 clients can be connected to the WGB.

  • These features are not supported for use with a WGB:

    • Cisco Centralized Key Management (CCKM)

    • Hybrid REAP

    • Idle timeout

    • Web authentication

  • If a WGB associates to a web-authentication WLAN, the WGB is added to the exclusion list, and all of the WGB wired clients are deleted.

  • These features are not supported for wired clients connected to a WGB:

    • MAC filtering

    • Link tests

    • Idle timeout

The next section provides an example of how to configure a WGB on an Autonomous AP and connect the WGB to a Cisco Unified Wireless network.

MAC Filtering for WGB Wired Clients

Controller software release 4.1.178.0 or later enables you to configure a MAC-filtering IP address for a workgroup bridge (WGB) wired client in order to allow passive WGB wired clients, such as terminal servers or printers with static IP addresses, to be added and remain in the client table of the controller while the WGB is associated to a controller in the mobility group. This feature, activated by the config macfilter ipaddress <MAC_address> <IP_address> CLI command, can be used with any passive device that does not initiate any traffic but waits for another device to start communication.

This feature allows the controller to learn the IP address of a passive WGB wired client when the WGB sends an IAPP message to the controller that contains only the MAC address of the WGB wired client. When this message is received from the WGB, the controller checks the local MAC filter list or, if the WGB has roamed, the MAC filter list of the anchor controller for the MAC address of the client. If an entry is found and it contains an IP address for the client, the controller adds the client to the client table of the controller.

Unlike the existing MAC filtering feature for wireless clients, you are not required to enable MAC filtering on the WLAN for WGB wired clients. WGB wired clients that use MAC filtering do not need to obtain an IP address through DHCP to be added to the client table of the controller.

Configure

In our example, the 1231 Autonomous Access Point is configured as a Workgroup Bridge and connects to the LWAPP network. The WGB uses the SSID WGB_LWAPP to connect to the WLAN and Open authentication with WEP to authenticate to the LWAPP network.

Note: Open authentication with WEP is NOT a secure method for authenticating devices. It is recommended to use advanced authentication methods like EAP-FAST, PEAP and so forth in order to secure the WLAN. This document uses Open with WEP only for simplicity.

Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information on the commands used in this section.

Network Diagram

This document uses this network setup:

This document assumes that the WLC is configured for basic operation and that the LAPs are registered to the WLC. Refer to Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC) for more information on how a new user can set up the WLC for basic operation with LAPs.

wgb-config01.gif

How to Configure the Workgroup Bridge

The workgroup bridge can be configured either using the CLI or the GUI.

Complete these steps in order to configure the Workgroup Bridge with the GUI:

  1. The first step is to configure the SSID that the WGB uses to connect to the LWAPP network. Complete these steps in order to do this:

    1. Choose Security > SSID Manager in the menu on the left. The SSID Manager page displays.

    2. Enter the SSID name, VLAN ID and the RADIO interface. This example uses WGB_LWAPP as the SSID.

    3. In Authentication Settings, choose Open Authentication.

    4. Leave all other parameters with their default values.

    5. Click Apply at the bottom of the page.

      wgb-config02.gif

    6. In order to configure the WEP keys, choose Security > Encryption Manager.

    7. Click WEP Encryption under Encryption Modes, and choose Mandatory from the drop-down menu.

    8. Enter the encryption key for WEP in the Encryption Keys area. The WEP encryption keys can be 40 bits or 128 bits in length. This example uses the 128-bit WEP encryption key 123456789123456789abc.

      wgb-config03.gif

    9. Click Apply in order to save the settings.

  2. The next step is to configure the AP as a WGB. Complete these steps in order to do this:

    1. Click Network Interfaces in the menu on the left in order to browse to the Network Interfaces Summary page.

    2. Choose the radio interface that you want to configure as WGB. This example uses interface Radio0-802.11G. The action allows you to browse to the Network Interfaces: Radio Status page.

    3. Click the Settings tab in order to browse to the Settings page for the radio interface.

    4. Click Enable in order to enable the radio.

    5. Under Role in Radio Network, choose Workgroup Bridge. This enables the radio to operate in Workgroup Bridge mode.

    6. Leave all the other settings on the page with the default values.

      wgb-config04.gif

    7. Scroll down and click Apply at the bottom of the page in order to save the settings.

      Use these commands in order to configure the AP through the CLI.

      AP_WGB#configure terminal

      !--- Enter configuration commands, one on each line.  End with CNTL/Z.

      !--- Define the SSID and its authentication method.
      AP_WGB(config)#dot11 ssid WGB_LWAPP
      AP_WGB(config-ssid)#authentication open
      AP_WGB(config-ssid)#guest-mode
      AP_WGB(config-ssid)#exit

      !--- Set the radio role and the WEP encryption settings.
      AP_WGB(config)#interface dot11Radio 0
      AP_WGB(config-if)#station-role workgroup-bridge
      AP_WGB(config-if)#encryption vlan 2 mode wep mandatory
      AP_WGB(config-if)#encryption vlan 2 key 1 size 128bit 12345678912345678912345678

      !--- Bind the SSID to the radio interface.
      AP_WGB(config-if)#ssid WGB_LWAPP
      AP_WGB(config-if)#end
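
An added example, not part of the Cisco document: a Python check that reads the WGB commands from this section and reports the combination that the Note in the Configure section calls insecure (Open authentication with WEP), as well as a WGB radio that has no SSID bound to it. The function name `audit_wgb`, the finding strings and the `<WEP_KEY>` placeholder are assumptions made for the example.

```python
import re

# Constructed input modeled on this section's CLI session: prompts removed,
# WEP key replaced by a placeholder.
WGB_COMMANDS = """\
dot11 ssid WGB_LWAPP
authentication open
guest-mode
exit
interface dot11Radio 0
station-role workgroup-bridge
encryption vlan 2 mode wep mandatory
encryption vlan 2 key 1 size 128bit <WEP_KEY>
ssid WGB_LWAPP
end
"""


def audit_wgb(commands):
    """Return sorted findings for a WGB command list (hypothetical checker)."""
    ssids, radios, ctx = {}, {}, None
    for raw in commands.splitlines():
        line = " ".join(raw.split())  # collapse repeated spaces
        if m := re.fullmatch(r"dot11 ssid (\S+)", line, re.I):
            ctx = ssids.setdefault(m.group(1), [])
        elif m := re.fullmatch(r"interface (dot11radio ?\d+)", line, re.I):
            ctx = radios.setdefault(m.group(1).lower(), [])
        elif line in ("exit", "end"):
            ctx = None
        elif ctx is not None and line:
            ctx.append(line)
    findings = set()
    for radio, cfg in radios.items():
        if "station-role workgroup-bridge" not in cfg:
            continue  # only WGB radios are in scope
        bound = [c.split()[1] for c in cfg if re.fullmatch(r"ssid \S+", c)]
        wep = any(re.search(r"\bmode wep\b", c) for c in cfg)
        if not bound:
            findings.add(f"{radio}: no SSID bound to the WGB radio")
        for name in bound:
            if name not in ssids:
                findings.add(f"{radio}: SSID {name} is not defined")
            elif wep and "authentication open" in ssids[name]:
                findings.add(f"{name} on {radio}: open authentication with static WEP")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit_wgb(WGB_COMMANDS)))
```
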

How to Configure the Wireless LAN Controller (WLC)

On the Wireless LAN Controller, you should create a WLAN that matches the SSID and security method that was configured on the workgroup bridge. This is the only configuration required on the controller for the WGB to associate with it.

Complete these steps in order to configure a WLAN on the controller:

  1. Click WLANs from the controller GUI in order to create a WLAN. The WLANs window appears. This window lists the WLANs configured on the controller.

  2. Click New in order to configure a new WLAN. In this example, the WLAN is named WGB_LWAPP.

    wgb-config05.gif

  3. Click Apply.

  4. In the WLAN > Edit window, define the parameters specific to the WLAN.

    1. Under General Policies, check the Status check box in order to enable the WLAN.

      wgb-config06.gif

    2. Under Security Policies, choose Static WEP for Layer 2 Security and specify the WEP parameters under the section Static WEP Parameters.

      wgb-config07.gif

    3. Change other parameters depending on the design of the network. Click Apply.

      wgb-config08.gif

Verify and Troubleshoot

Verify

Once the WLC and the WGB AP are configured, the WGB associates to the LAP as a client. You can view the status of WGBs on your network with the controller GUI.

From the Controller GUI, choose Monitor > Clients in order to open the Clients page. The WGB field on the right side of the page indicates whether any of the clients on your network are workgroup bridges.

wgb-config09.gif

Click the MAC address of the desired client in order to view the details of the WGB. The Clients > Detail page appears.

wgb-config10.gif

In order to see the details of any wired clients that are connected to a particular WGB, from the clients page, hover your cursor over the blue drop-down arrow for the desired WGB and choose Show Wired Clients. The WGB Wired Clients page appears.

wgb-config11.gif

From the controller CLI, you can use this command in order to view the list of WGBs connected to the network.

show wgb summary

Here is an example:

(Cisco Controller) >show wgb summary

Number of WGBs................................... 1

MAC Address        IP Address      AP Name            Status    WLAN  Auth  Protocol  Clients
-----------------  --------------- -----------------  --------- ----  ----  --------  -------

00:12:7f:63:e6:ca  10.77.244.215   ap:51:5a:e0        Assoc     2     Yes   802.11g   2

Enter this command in order to see the details of any wired clients that are connected to a particular WGB:

show wgb detail wgb_mac_address

Here is an example:

(Cisco Controller) >show wgb detail 00:12:7f:63:e6:ca

Number of wired client(s): 2

MAC Address        IP Address      AP Name            Mobility   WLAN Auth
-----------------  --------------- -----------------  ---------- ---- ----

00:0b:85:5b:fb:d0  Unknown         ap:51:5a:e0        Local      2    No
00:0b:85:51:5a:e0  Unknown         ap:51:5a:e0        Local      2    No
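
An added example, not part of the Cisco document: both wired clients above show Unknown for the IP address, which is the passive-client case described under MAC Filtering for WGB Wired Clients. This Python code parses that output and builds the `config macfilter ipaddress` lines from a constructed inventory. The function `plan_macfilter`, the inventory and its 192.0.2.10 address are assumptions, and the code assumes the MAC filter entries themselves already exist on the controller.

```python
import ipaddress
import re

# Output copied from the "show wgb detail" example on this page.
SHOW_WGB_DETAIL = """\
Number of wired client(s): 2

MAC Address        IP Address      AP Name            Mobility   WLAN Auth
-----------------  --------------- -----------------  ---------- ---- ----

00:0b:85:5b:fb:d0  Unknown         ap:51:5a:e0        Local      2    No
00:0b:85:51:5a:e0  Unknown         ap:51:5a:e0        Local      2    No
"""

# Constructed inventory (assumption): one passive device and its static IP,
# taken from the 192.0.2.0/24 documentation range.
STATIC_INVENTORY = {"00:0b:85:5b:fb:d0": "192.0.2.10"}

MAX_WGB_CLIENTS = 20  # limit stated under "Workgroup Bridge Limitations"
ROW = re.compile(r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\S+)\s+\S+\s+\S+\s+\d+\s+\S+", re.I)
COUNT = re.compile(r"Number of wired client\(s\):\s*(\d+)")


def plan_macfilter(text, inventory):
    """Return (commands, unknown_macs) for wired clients with no learned IP."""
    rows = [m.groups() for m in map(ROW.fullmatch, map(str.strip, text.splitlines())) if m]
    declared = COUNT.search(text)
    if declared and int(declared.group(1)) != len(rows):
        raise ValueError("client count in header does not match parsed rows")
    if len(rows) > MAX_WGB_CLIENTS:
        raise ValueError("more wired clients than a WGB supports")
    commands, unknown = [], []
    for mac, ip in rows:
        mac = mac.lower()
        if ip != "Unknown":
            continue  # the controller already has an address for this client
        static_ip = inventory.get(mac)
        if static_ip is None:
            unknown.append(mac)  # not in the inventory: review before adding
        else:
            ipaddress.ip_address(static_ip)  # ValueError on a malformed address
            commands.append(f"config macfilter ipaddress {mac} {static_ip}")
    return commands, unknown


if __name__ == "__main__":
    cmds, unknown = plan_macfilter(SHOW_WGB_DETAIL, STATIC_INVENTORY)
    print("\n".join(cmds))
    print("not in inventory:", unknown)
```

MAC addresses returned in the second list are attached behind the WGB but absent from the inventory, so they are the ones to identify before any entry is added for them.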

Troubleshoot

Consider a WGB that is connected to the Cisco Unified network as explained in this document, with a printer connected to the WGB. In such an environment, if the printer sits idle continuously for a significant duration, it can periodically lose connectivity to the rest of the network. In fact, this can affect any device on the WGB's LAN that does not transmit any packets for a significant duration.

This problem is observed mainly with Cisco IOS-based workgroup bridges. The access point shows that the MAC address of the client has disassociated when this problem happens.

This is due to Cisco bug ID CSCsc53460 (registered customers only). Refer to this bug in order to understand the related workaround for this issue.

The workaround explained in Cisco bug ID CSCsc53460 (registered customers only) does not work if the WGB runs Cisco IOS Software Release 12.3(7)JA* or Cisco IOS Software Release 12.3(8)JA* due to Cisco bug ID CSCse32424 (registered customers only). Cisco bug ID CSCse32424 (registered customers only) is fixed in Cisco IOS Software Release 12.3(8)JEA.


Updated: Aug 04, 2008
Document ID: 100254