Tags
Since now a days Autonomous AP deployments are rarely used, it is very hard to find quality documentations(apart from Cisco configuration guides & few support forum docs) how to configure these. To understand basic functions of different types of autonomous configurations(Bridge, Work Group Bridge-WGB, Repeater) I have set up very basic lab configuration (with open authentication without making it complex by adding security related configs) for each type of these deployment.
Here is the first one for wireless bridges. I have two 1310 APs set up as per the below diagram. Wireless bridge is acting as a trunk link where multiple vlan carry through wireless media (instead of wire). Usually this use to connect remote sites where fibre/Copper WAN infrastructure is too expensive/or not available for these remote sites.
In this example we will create two WLANs in AAP1 & bridge them to remote site AAP2. One key point to remember is Non-Root Bridge (NRB) to be connected to Root Bridge (RB) via native vlan SSID in order to carry multiple WLAN(or vlans) through this wireless bridge.
First step is to configure Fa 0/2 switchport as trunk where it connects to AAP1(Root Bridge).
interface FastEthernet0/2 description AAP2 switchport trunk native vlan 110 switchport mode trunk spanning-tree portfast trunk
Next step is to define the required WLAN on AAP1. In my case I will define two WLANs. “BRIDGE” WLAN for AAP2 to associate with AAP1 & “TEST” WLAN to client to associate with these APs. You need to assign these WLANs into radio interface & specify a radio interface role. In this case we have given “Root Bridge” role to AAP1 with “wireless clients” keyword where it will allow normal clients to join this AP. without this”wireless clients” keyword no clients would be able to join except Non Root Bridge (AAP2)
dot11 ssid BRIDGE vlan 110 authentication open ! dot11 ssid TEST vlan 15 authentication open ! interface Dot11Radio0 ssid BRIDGE ssid TEST station-role root bridge wireless-clients
Then on the AAP1 you can configure BVI interface with an IP of Vlan 110 range & configure its gateway as SVI of VLAN 110 created on DS01 (in my case 10.10.110.3). Then configure Radio & Ethernet sub interfaces with dot1q encapsulation for vlan 110 as native vlan. Always bridge group number will be 1 for this native vlan sub interfaces. For other sub interface you can use any group number in the range of [1-255]. If a vlan number is between 1-255 usually use that for the sub interface & group numbering as a best practice.
interface BVI1 ip address 10.10.110.101 255.255.255.0 ! ip default-gateway 10.10.110.3 ! interface Dot11Radio0.15 encapsulation dot1Q 15 bridge-group 15 ! interface Dot11Radio0.110 encapsulation dot1Q 110 native bridge-group 1 ! interface FastEthernet0.15 encapsulation dot1Q 15 bridge-group 15 ! interface FastEthernet0.110 encapsulation dot1Q 110 native bridge-group 1
On the Non Root Bridge (AAP2) station role should be specify as “non-root bridge wireless-clients” with “wireless-clients” keyword allow normal clients to join this AP. Also note that “infrastructure-ssid” command used under SSID “BRIDGE” forced to AAP2 to use that SSID to connect to Root Bridge. An infrastructure SSID must be assigned to the Native VLAN ( vlan 110 in my case). Here is the full config of AAP2.
hostname AAP2 ! dot11 ssid BRIDGE vlan 110 authentication open infrastructure-ssid ! dot11 ssid TEST vlan 15 authentication open ! interface Dot11Radio0 ssid BRIDGE ssid TEST station-role non-root bridge wireless-clients ! interface Dot11Radio0.15 encapsulation dot1Q 15 bridge-group 15 ! interface Dot11Radio0.110 encapsulation dot1Q 110 native bridge-group 1 ! interface FastEthernet0.15 encapsulation dot1Q 15 bridge-group 15 ! interface FastEthernet0.110 encapsulation dot1Q 110 native bridge-group 1 ! interface BVI1 ip address 10.10.110.102 255.255.255.0 ! ip default-gateway 10.10.110.3
“show dot11 associations” & “show dot11 associations all-clients” commands can be used to verify the association of NRB to RB & normal clients to NRB.
AAP1#show dot11 associations 802.11 Client Stations on Dot11Radio0: SSID [BRIDGE] : MAC Address IP address Device Name Parent State 001b.2a30.48c0 10.10.110.102 bridge AAP2 self Assoc ! AAP2#show dot11 associations 802.11 Client Stations on Dot11Radio0: SSID [BRIDGE] : MAC Address IP address Device Name Parent State 001b.2a30.48b0 10.10.110.101 11g-bridge AAP1 - Assoc SSID [TEST] : MAC Address IP address Device Name Parent State 6420.0ce0.2375 10.10.15.53 unknown - self Assoc AAP2#show dot11 associations all-client Address : 001b.2a30.48b0 Name : AAP1 IP Address : 10.10.110.101 Interface : Dot11Radio 0 Device : 11g-bridge Software Version : 12.4 CCX Version : 5 Client MFP : Off State : Assoc Parent : - SSID : BRIDGE VLAN : 110 Hops to Infra : 0 Association Id : 1 Tunnel Address : 0.0.0.0 Key Mgmt type : NONE Encryption : Off Current Rate : 36.0 Capability : WMM ShortHdr ShortSlot Supported Rates : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 Voice Rates : disabled Bandwidth : 20 MHz Signal Strength : -76 dBm Connected for : 663 seconds Signal to Noise : 25 dB Activity Timeout : 15 seconds Power-save : Off Last Activity : 0 seconds ago Apsd DE AC(s) : NONE Packets Input : 10658 Packets Output : 141 Bytes Input : 1468541 Bytes Output : 17727 Duplicates Rcvd : 0 Data Retries : 35 Decrypt Failed : 0 RTS Retries : 0 MIC Failed : 0 MIC Missing : 0 Packets Redirected: 0 Redirect Filtered: 0 Address : 6420.0ce0.2375 Name : NONE IP Address : 10.10.15.53 Interface : Dot11Radio 0 Device : unknown Software Version : NONE CCX Version : NONE Client MFP : Off State : Assoc Parent : self SSID : TEST VLAN : 15 Hops to Infra : 2 Association Id : 2 Clients Associated: 0 Repeaters associated: 0 Tunnel Address : 0.0.0.0 Key Mgmt type : NONE Encryption : Off Current Rate : 9.0 Capability : WMM ShortHdr ShortSlot Supported Rates : 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 Voice Rates : disabled Bandwidth : 20 MHz Signal Strength : -89 dBm Connected for : 22 seconds Signal to Noise : 11 dB Activity Timeout : 58 seconds Power-save : Off Last Activity : 2 seconds ago Apsd DE AC(s) : NONE Packets Input : 263 Packets Output : 33 Bytes Input : 15586 Bytes Output : 4899 Duplicates Rcvd : 36 Data Retries : 42 Decrypt Failed : 0 RTS Retries : 0 MIC Failed : 0 MIC Missing : 0 Packets Redirected: 0 Redirect Filtered: 0
This is the basic configuration you need to understand when it comes to basic wireless bridging. In future we will look at configuring this with added security.
Related Posts
1. Lightweight to Autonomous (vice versa) Conversion
2. Multiple SSID Config on Autonomous AP
3. WorkGroup Bridge – WGB Configurations
4. Autonomous AP – Repeater
mrn-cciew 
Excellent post and good luck with your exam in the near future. Your website has been very helpful to me, but I do have a question. Is it possible to connect a non-Cisco wireless bridge to an Cisco autonomous AP? I’m working on a scenario like this and I’m not receiving DHCP and ARP responses to the wired clients behind the bridge. Below is a overview of my topology:
Internet > Cisco Router (871) > Cisco Switch (3560c) > Cisco AP (1042) > Linksys Bridge (WES610N) > Wired Client (WIN7, No DHCP Responses)
This link describes the same issue, but only provides a fix for Controller based APs.
http://www.cisco.com/en/US/docs/wireless/controller/7.4/configuration/guides/lwap/config_lwap_chapter_01011.html
Thanks,
-Ron
Hi Ron,
Thanks for the comment & wishing me good luck… yes that is required in this exam 😉
Regarding your question I have to do some research & see. I think you have to configure your Linksys device as WGB (Workgroup Bridge) and then it can connect to Autonomous or Lightweight. In a normal cisco autonomous AP we would can do this by “station-role work group bridge” on its CLI. I do not know about this linksys specific settings. If I get any info I will posted here..
HTH
Rasika
Thank Rasika for looking into this one for me. I only have a couple months of wireless experience and I’m pulling my hair out on this one. The problem is that the Linksys Bridge has only one mode (bridge) and it’s web interface (No CLI) is very generic. I’m thinking I’m missing a command in the AP or this setup is unsupported. I’ve also posted the same question on the Cisco Support Community. Check it out if you have a chance:
https://supportforums.cisco.com/thread/2218114
Thanks again!
-Ron
I have just found your site and it is a great resource.
Here is my question,
I have 2 AP’s (3501 and 1262) I want to put one on my upper level and the other on the lower level. If I go upstairs i don’t want to loose connnection I just want it to connect to the upper level AP. Would this configuration enable me to do this?
Thank you,
Peter
Hi Peter,
Do you have a WLC to control this or are they operating as two Autonomous mode AP ?
In Autonomous, if you want to have roaming feature, you need to configure WDS (wireless domain services). Below link should give some more info
http://www.cisco.com/en/US/docs/wireless/access_point/12.3_2_JA/configuration/guide/s32roamg.html
HTH
Rasika
I do not have a WLC. They would be acting as two Autonomous mode AP’s. Thanks for the link. I will have a look at it. Do you have any examples on this?
Peter
Hello Nayarasi,
Can the 1242 and the 3501i do wireless bridging? I am googling it and can’t seem to find anything.
Hi Peter,
Yes, they are supporting wireless bridging.
Here is the latest IOS release notes which applicable for 3500
http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/15.2_2_JB.html#wp355587
For 1240 series 12.2(25d)JA2 is the latest to support that AP model. So go with that image for it.
http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/12_4_25d_JA2rn.html
HTH
Rasika
Hi rasika….I have a query here regarding the Root bridge — Non-root bridge. In this case, can we connect a wired client behind the NRB in the same way as we do for WGB.
i have my Root Ap with its station role as “Root bridge”. On the non-root, there are three options, one is simply configuring it as “non-root” and the other is “non-root bridge” and the last one is “non-root wireless-clients”.
In my case i need to connect wired clients with this non-root config.
Thanks
hi,rasika
Thanks for your post info, I get many important wireless technology from your weblink. i have some confuse with how to control the client access on AP bridge mode,
Could you tell me what difference between the “infrastructure-ssid optional” and ” station-role root or non-root bridge wireless-client”
Hi nayarasi,
Thanks for your post info, I get many important wireless technology from your weblink.
I have 6 access point 1572 series and i want to use all them for point to point Bridges are these possible to use this solution ??
thanks a lot,
Yes, 1572 support autonomous mode of operation. As long as you convert 1572 to autonomous mode, you can configure it as a Root Bridge/Non Root Bridge like any other autonomous AP
HTH
Rasika
Hi nayarasi, i would like to know if we can use 3802E with external antenna for setting up root and non-root bridge . and apart from this can this setup work with mix of 1242 and 3820i AP .
No, I don’t think so. Try 1242 in WGB mode if that is supported.
Hi Nayarasi,
i would like to know if we can use 3802e as RB and NRB , can we use 1242 as NRB with 3802e AP as RB .
I do no think 3802 support those RB/NRB configuration as there is no autonomous code available for those.
Option may be configure it as WGB instead of RB/NRB. Try 1242 as WGB if that support it and connect to 3802 in normal CAPWAP mode.
Rasika
Hi rasika,
Thank’s a lot for your post It’s very helpfull.
I have a question with the wireless bridge. I want to know if It’s possible to connect a workgroup bridge AP under a bridge AP (repeater). I suppose we can but I’m afraid to create a loop in my network.
thanks a lot,
WGB has to connect to Root AP (normal client servicing Access point that can be Autonomous/Standalone or Lightweight/WLC-managed)
Hi Nayarasi,
Your document is very informative and helped me with the solution of my problem. Question though, we have 3 AP which are all autonomous mode. We are planning to configure 1 as RB and the rest will be NRB which will be associated to the RB. Will there be a problem or limitations in terms of connectivity? Does it have to be all in Dot11radio0 or it can be mixed?
Radio 0 is 2.4GHz, Radio 1 is 5GHz. Therefore you cannot mix, if root AP role on 2.4GHz radio of one AP, other non-root AP has to be on the same frequency. However, you can configure RB role on both radios and then you can configure non-root role on both radios as well.
HTH
Rasika
Hello Nayarasi,
Thanks for this post — it’s been very informative. A similar challenge for 2021: how can we use two AIR-15xx APs to connect a group of Wired users to a LAN located in a building across the street? Would this be as simple as a root bridge AP connecting to a non-root bridge AP, with the non-root bridge AP connecting to a switch (and the Wired users connecting to the switch)?
I would value any input you have, and would be excited to see a new blog post on this topic.
Thanks!
– Matte
Hi Matte, Those newer wave 2 AP model (15xx) does not got Autonomous Image to support root/non-root modes. One option is use it with WLC in mesh mode
Rasika