Since WGB AP acting as client, it can be associated to any (Autonomous or Lightweight) other AP. In this post we will see how WGB associated with a CAPWAP AP. Here is the setup for this post (Note that CAPWAP AP acting as root AP for WGB).
There are few guidelines you need to remember in this set up.
1. Only WGB in client mode supported. (so in WGB – no infrastructure clientconfiguration is required)
2. CCKM, H-REAP, Web Authentication, Idle time out not supported.
3. MAC filtering, Link tests, Idle timeout for wired clients connected to WGB is not supported.
4. WGB only support 20 clients
5. Wired client behind WGB to connect to Anchor controller you have to enable vlans in WGB (using config wgb vlan enable command)
Let’s test this with open authentication & later on will add security. First you have to define a WLAN (called WGB-CAPWAP) on the controller where WGB can associate.
Now in the WGB (AAP2 ) here is the configuration. It’s pretty straight forward & very simple.
dot11 ssid WGB-CAPWAP authentication open ! interface Dot11Radio1 ssid WGB-CAPWAP station-role workgroup-bridge
I have configured the AAP2 BVI1 interface to dhcp to simulate a wired device behind the WGB. On the WLC, if you look at Monitor-> Clients you can see WGB associated & client is shown as a WGB.
You can verify this via WLC CLI as well.
(WLC2) >show wgb summary WGB Vlan Client Support.......................... Disabled Number of WGBs................................... 1 MAC Address IP Address AP Name Status WLAN Auth Protocol Clients ----------------- --------------- ----------------- --------- ---- ---- ---------------- ------- 68:ef:bd:0f:d9:5a 10.10.15.54 LAP2 Assoc 9 Yes 802.11n(5 GHz) 1 (WLC2) >show wgb detail 68:ef:bd:0f:d9:5a Number of wired client(s): 1 MAC Address IP Address AP Name Mobility WLAN Auth ----------------- --------------- ----------------- ---------- ---- ---- 00:1f:16:18:df:ec 10.10.15.52 LAP2 Local 9 Yes
Let’s say you want to tunnel this WGB wired client traffic to Anchor controller (WLC1 with IP 10.10.111.10 not shown in the diagram). See Auto-Anchor Mobility post to see how you can configure this.
Without enabling VLANs in WGB you cannot anchored wired client onto Anchor controller. You will see something like this when try to connect wired client to WGB. Here is the WLC1 (Anchor) & WLC2 (Foreign) CLI output.
(WLC2) >show client summary Number of Clients................................ 1 MAC Address AP Name Status WLAN/GLAN Auth Protocol Port Wired ----------------- ----------------- ------------- -------------- ---- ---------------- ---- ----- 68:ef:bd:0f:d9:5a LAP2 Excluded 9 No 802.11n(5 GHz) 29 No (WLC2) >show client detail 68:ef:bd:0f:d9:5a Client MAC Address............................... 68:ef:bd:0f:d9:5a Client Username ................................. N/A AP MAC Address................................... a0:cf:5b:9e:e8:20 AP Name.......................................... LAP2 Client State..................................... Excluded Client NAC OOB State............................. Access Workgroup Bridge................................. 0 client(s) Wireless LAN Id.................................. 9 BSSID............................................ a0:cf:5b:9e:e8:27 Connected For ................................... 27 secs Channel.......................................... 149 IP Address....................................... Unknown Association Id................................... 0 Authentication Algorithm......................... Open System Reason Code...................................... 1 Status Code...................................... 0 Session Timeout.................................. 1800 Client CCX version............................... 5 Client E2E version............................... No E2E support Diagnostics Capability........................... Not Supported S69 Capability................................... Not Supported Mirroring........................................ Disabled QoS Level........................................ Silver 802.1P Priority Tag.............................. disabled WMM Support...................................... Enabled Power Save....................................... OFF Supported Rates.................................. 6.0,9.0,12.0,18.0,24.0,36.0, ............................................. 48.0,54.0 Mobility State................................... None Mobility Move Count.............................. 0 Security Policy Completed........................ No Policy Manager State............................. DHCP_REQD Policy Manager Rule Created...................... Yes ACL Name......................................... none ACL Applied Status............................... Unavailable NPU Fast Fast Notified........................... No Policy Type...................................... N/A Encryption Cipher................................ None Management Frame Protection...................... No EAP Type......................................... Unknown Interface........................................ management VLAN............................................. 112 Quarantine VLAN.................................. 0 Access VLAN...................................... 112 Client Capabilities:
Once you configure “config wgb vlan enable” on your controller you will see wired client behind WGB gets an IP in vlan 13 (provided by Anchor Controller- WLC1). Here is the some verification commands
(WLC1) >show wgb summary WGB Vlan Client Support.......................... Enabled Number of WGBs................................... 1 MAC Address IP Address AP Name Status WLAN Auth Protocol Clients ----------------- --------------- ----------------- --------- ---- ---- ---------------- ------- 68:ef:bd:0f:d9:5a 10.10.13.12 10.10.112.10 Assoc 9 Yes Mobile 1 (WLC1) >show wgb detail 68:ef:bd:0f:d9:5a Number of wired client(s): 1 MAC Address IP Address AP Name Mobility WLAN Auth ----------------- --------------- ----------------- ---------- ---- ---- 5c:26:0a:65:8f:37 10.10.13.14 10.10.112.10 ExpAnchor 9 Yes (WLC1) >show client summary Number of Clients................................ 3 MAC Address AP Name Status WLAN/GLAN Auth Protocol Port Wired ----------------- ----------------- ------------- -------------- ---- ---------------- ---- ----- 00:1f:16:18:df:ec 10.10.112.10 Associated 9 No Mobile 1 No 5c:26:0a:65:8f:37 10.10.112.10 Associated 9 Yes Mobile 1 No 68:ef:bd:0f:d9:5a 10.10.112.10 Associated 9 Yes Mobile 1 No (WLC1) >show client detail 5c:26:0a:65:8f:37 Client MAC Address............................... 5c:26:0a:65:8f:37 Client Username ................................. N/A AP MAC Address................................... 00:00:00:00:00:00 AP Name.......................................... N/A Client State..................................... Associated Client NAC OOB State............................. Access Workgroup Bridge Client.......................... WGB: 68:ef:bd:0f:d9:5a Wireless LAN Id.................................. 9 BSSID............................................ 00:00:00:00:00:ff Connected For ................................... 775 secs Channel.......................................... N/A IP Address....................................... 10.10.13.14 Association Id................................... 0 Authentication Algorithm......................... Open System Reason Code...................................... 1 Status Code...................................... 0 Session Timeout.................................. 1800 Client CCX version............................... No CCX support Mirroring........................................ Disabled QoS Level........................................ Silver 802.1P Priority Tag.............................. 3 WMM Support...................................... Disabled Supported Rates.................................. Mobility State................................... Export Anchor Mobility Foreign IP Address...................... 10.10.112.10 Mobility Move Count.............................. 1 Security Policy Completed........................ Yes Policy Manager State............................. RUN Policy Manager Rule Created...................... Yes ACL Name......................................... none ACL Applied Status............................... Unavailable NPU Fast Fast Notified........................... Yes Policy Type...................................... N/A Encryption Cipher................................ None Management Frame Protection...................... No EAP Type......................................... Unknown Interface........................................ vlan13 VLAN............................................. 13 Quarantine VLAN.................................. 0 Access VLAN...................................... 13
Here is the output on WLC2 (Foreign Controller)
(WLC2) >show wgb summary WGB Vlan Client Support.......................... Enabled Number of WGBs................................... 1 MAC Address IP Address AP Name Status WLAN Auth Protocol Clients ----------------- --------------- ----------------- --------- ---- ---- ---------------- ------- 68:ef:bd:0f:d9:5a 10.10.13.12 LAP2 Assoc 9 Yes 802.11n(5 GHz) 1 (WLC2) >show wgb detail 68:ef:bd:0f:d9:5a Number of wired client(s): 1 MAC Address IP Address AP Name Mobility WLAN Auth ----------------- --------------- ----------------- ---------- ---- ---- 5c:26:0a:65:8f:37 Unknown LAP2 ExpForeign 9 Yes (WLC2) >show client detail 5c:26:0a:65:8f:37 Client MAC Address............................... 5c:26:0a:65:8f:37 Client Username ................................. N/A AP MAC Address................................... a0:cf:5b:9e:e8:20 AP Name.......................................... LAP2 Client State..................................... Associated Client NAC OOB State............................. Access Workgroup Bridge Client.......................... WGB: 68:ef:bd:0f:d9:5a Wireless LAN Id.................................. 9 BSSID............................................ a0:cf:5b:9e:e8:27 Connected For ................................... 1078 secs Channel.......................................... 149 IP Address....................................... Unknown Association Id................................... 0 Authentication Algorithm......................... Open System Reason Code...................................... 1 Status Code...................................... 0 Session Timeout.................................. 0 Client CCX version............................... No CCX support Mirroring........................................ Disabled QoS Level........................................ Silver 802.1P Priority Tag.............................. disabled WMM Support...................................... Disabled Power Save....................................... OFF Supported Rates.................................. Mobility State................................... Export Foreign Mobility Anchor IP Address....................... 10.10.111.10 Mobility Move Count.............................. 0 Security Policy Completed........................ Yes Policy Manager State............................. RUN Policy Manager Rule Created...................... Yes ACL Name......................................... none ACL Applied Status............................... Unavailable NPU Fast Fast Notified........................... Yes Policy Type...................................... N/A Encryption Cipher................................ None Management Frame Protection...................... No EAP Type......................................... Unknown Interface........................................ management VLAN............................................. 112 Quarantine VLAN.................................. 0 Access VLAN...................................... 0
That’s pretty much it. I will leave security settings for you to practice and add preferred method of security of this WGB client.
Related Posts
1. Lightweight to Autonomous (vice versa) Conversion
2. Multiple SSID Config on Autonomous AP
3. Autonomous AP – Wireless Bridges
4. WorkGroup Bridge – WGB Configurations
5. Autonomous AP – Repeater
6. Configuring Authentication in AAP
7. Autonomous AP – QoS
8. WGB with EAP-FAST
