Is it possible to have wireless & wired clients behind a WGB? This question was posted on the CSC forum at the link below.
https://supportforums.cisco.com/message/4128630#4128630
I also thought this was not possible, but testing it as shown below proved my assumption wrong.
Here is the testing topology, where the WGB (3502-BR2) connects to the root AP using the 5 GHz band. Wired clients connect to the R3750 switch, which is connected to G0 of the WGB, whereas wireless clients connect to the 2.4 GHz radio of the WGB (MRN-DATA SSID).
Here is the config of the C3750, where an SVI is defined for VLAN 143.
hostname C3750-1
!
ip dhcp excluded-address 192.168.143.1 192.168.143.50
ip dhcp pool VLAN143
 network 192.168.143.0 255.255.255.0
 default-router 192.168.143.1
 dns-server 192.231.203.132 192.231.203.3
 domain-name mrn.com
!
interface Vlan143
 ip address 192.168.143.1 255.255.255.0
!
interface GigabitEthernet1/0/11
 description 1142-BR1
 switchport access vlan 143
 switchport mode access
end
Here is the 1142-BR1 config, where the MRN-WGB SSID is defined for the WGB to associate to.
hostname 1140-BR1
!
dot11 ssid MRN-WGB
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii Cisco123
!
interface Dot11Radio1
 encryption mode ciphers aes-ccm
 ssid MRN-WGB
 station-role root
 infrastructure-client
 bridge-group 1
!
interface BVI1
 ip address 192.168.143.10 255.255.255.0
!
ip default-gateway 192.168.143.1
Here is the WGB (3502-BR2) configuration, where I have defined two SSIDs: one with the same name as on the root AP, used to associate to it on 5 GHz, and MRN-DATA for user association on 2.4 GHz.
hostname 3502-BR2
!
dot11 ssid MRN-DATA
 authentication open
 authentication key-management wpa version 2
 guest-mode
 wpa-psk ascii Cisco12345
!
dot11 ssid MRN-WGB
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii Cisco123
!
interface Dot11Radio0
 encryption mode ciphers aes-ccm
 ssid MRN-DATA
 station-role root
 bridge-group 1
!
interface Dot11Radio1
 encryption mode ciphers aes-ccm
 ssid MRN-WGB
 station-role workgroup-bridge
 bridge-group 1
!
interface BVI1
 ip address dhcp
Here is the R3750 switch configuration.
hostname R3750
!
interface FastEthernet1/0/10
 description PC1
 switchport access vlan 143
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet1/0/11
 description 3502-BR2
 switchport access vlan 143
 switchport mode access
 spanning-tree portfast
Once you apply this configuration & connect a wired PC to a VLAN 143 switchport on the R3750, you should see clients getting DHCP addresses from the C3750. You should also see that the MRN-DATA wireless SSID is visible & that you can connect a client using the pre-shared key defined.
Here are the client association details on the WGB, where my iPhone is connected to the MRN-DATA SSID. You can see the WGB itself has taken an IP from DHCP on VLAN 143.
3502-BR2#sh ip int bri | ex un
Interface   IP-Address      OK? Method Status Protocol
BVI1        192.168.143.54  YES DHCP   up     up
!
3502-BR2#sho dot11 associations
802.11 Client Stations on Dot11Radio1:
SSID [MRN-WGB] :
MAC Address    IP address      Device        Name      Parent  State
a40c.c31a.ee60 192.168.143.10  ap1140-Parent 1140-BR1  -       Assoc
802.11 Client Stations on Dot11Radio0:
SSID [MRN-DATA] :
MAC Address    IP address      Device        Name      Parent  State
04f7.e4ea.5b66 192.168.143.56  unknown       -         self    Assoc
On the root AP (1142-BR1) you can see all clients behind the WGB.
1140-BR1#sh dot11 associations
802.11 Client Stations on Dot11Radio1:
SSID [MRN-WGB] :
MAC Address    IP address      Device      Name      Parent          State
001f.1618.dfec 192.168.143.57  WGB-client  -         44d3.caaf.4343  Assoc
04f7.e4ea.5b66 192.168.143.56  WGB-client  -         44d3.caaf.4343  Assoc
44d3.caaf.4343 192.168.143.54  WGB         3502-BR2  self            Assoc
Here is the C3750 client information on vlan 143.
C3750-1#sh arp | in Vlan143
Internet 192.168.143.1 - 0000.0c07.ac0a ARPA Vlan143 <- Gateway
Internet 192.168.143.10 62 5475.d0f5.2ee7 ARPA Vlan143 <- 1142-BR1
Internet 192.168.143.54 60 44d3.caaf.4343 ARPA Vlan143 <- 3502-BVI1
Internet 192.168.143.56 0 04f7.e4ea.5b66 ARPA Vlan143 <- iPhone5
Internet 192.168.143.57 3 001f.1618.dfec ARPA Vlan143 <- Wired PC
!
C3750-1#ping 192.168.143.57
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.143.57, timeout is 2 seconds:
!!!!!
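On the C3750 the hosts behind the WGB are ordinary ARP entries in VLAN 143; only the root AP's association table records which of them are bridged through 3502-BR2. As an added example (not part of the original post), the Python below joins the two outputs shown above, assuming six whitespace-separated columns per association row; the function names are hypothetical.

```python
import re

MAC = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")
COLS = ("mac", "ip", "device", "name", "parent", "state")

# Root AP (1140-BR1) output from this post, one row per line.
ROOT_AP_OUTPUT = """\
802.11 Client Stations on Dot11Radio1:
SSID [MRN-WGB] :
MAC Address    IP address     Device     Name     Parent         State
001f.1618.dfec 192.168.143.57 WGB-client -        44d3.caaf.4343 Assoc
04f7.e4ea.5b66 192.168.143.56 WGB-client -        44d3.caaf.4343 Assoc
44d3.caaf.4343 192.168.143.54 WGB        3502-BR2 self           Assoc
"""

# C3750-1 "sh arp | in Vlan143" output from this post, annotations dropped.
ARP_OUTPUT = """\
Internet 192.168.143.1   -  0000.0c07.ac0a ARPA Vlan143
Internet 192.168.143.10  62 5475.d0f5.2ee7 ARPA Vlan143
Internet 192.168.143.54  60 44d3.caaf.4343 ARPA Vlan143
Internet 192.168.143.56  0  04f7.e4ea.5b66 ARPA Vlan143
Internet 192.168.143.57  3  001f.1618.dfec ARPA Vlan143
"""

def parse_associations(text):
    """Return one dict per client row; prompt, banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 6 and MAC.match(fields[0].lower()):
            rows.append(dict(zip(COLS, fields)))
    return rows

def wgb_parents(rows):
    """Map each WGB-client MAC to (parent WGB MAC, WGB name or None if not listed)."""
    names = {r["mac"]: r["name"] for r in rows if r["device"] == "WGB"}
    return {r["mac"]: (r["parent"], names.get(r["parent"]))
            for r in rows if r["device"] == "WGB-client"}

def label_arp(arp_text, rows):
    """Map each ARP IP to the WGB it is bridged through, or None if not behind one."""
    parents = wgb_parents(rows)
    labelled = {}
    for line in arp_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0] == "Internet":
            labelled[f[1]] = parents.get(f[3].lower())
    return labelled
```

Calling `label_arp(ARP_OUTPUT, parse_associations(ROOT_AP_OUTPUT))` tags the iPhone and the wired PC with 3502-BR2 and leaves the gateway, the root AP and the WGB's own BVI untagged.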
You can verify wired device connectivity on R3750 like below.
R3750#sh mac address-table interface f1/0/11
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 143    0000.0c07.ac0a    DYNAMIC     Fa1/0/11
 143    001f.6d21.37cc    DYNAMIC     Fa1/0/11
 143    04f7.e4ea.5b66    DYNAMIC     Fa1/0/11
 143    44d3.caaf.4343    DYNAMIC     Fa1/0/11
Total Mac Addresses for this criterion: 4
R3750#sh mac address-table interface f1/0/10
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 143    001f.1618.dfec    DYNAMIC     Fa1/0/10 <-Wired PC
I have not tried configuring multiple VLANs to see whether it works. You can try it yourself & see.
Related Posts
1. WGB-CAPWAP with Multiple VLAN
2. WGB-IOS AP with Multiple VLAN
3. WGB Config Example
I’ve deployed this solution as well to provide a small network cell able to support mDNS for Apple TV devices to wireless clients, while also providing access to the internet by piggybacking through the bridge AP on the client guest network. One thing that took me quite some time to find out is that you have to enable “aironet extension” on the uplink SSID on the WLC, as otherwise the WGB will not connect to the uplink SSID.
Hi Debink,
Thanks for that information. It may be useful to someone who deploys mDNS in this scenario.
Thanks again
Rasika
Hi Rasika,
Can we do the same with multiple VLANs, where access points are in the native VLAN and users in the data VLAN?
Here I need to connect the wireless users only. I am not going to do wired.
Please check the below config I have done, but somehow it's not working.
Test_Ap#sh run
Building configuration…
Current configuration : 3079 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Test_Ap
!
enable password 7 02250D4808094E701E1D
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
clock timezone -0500 -5
clock summer-time -0400 recurring
!
!
dot11 syslog
dot11 vlan-name acspos_vlan vlan 300
dot11 vlan-name native_vlan vlan 95
!
dot11 ssid BRIDGE1
vlan 95
authentication open
authentication key-management wpa version 2
wpa-psk ascii 7 xxxxxxxxxxxxxxx
!
dot11 ssid acspos
vlan 300
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxx
!
!
!
username cisco privilege 15 password 7 xxxxxxxxxxxxx
username wlanadmin privilege 15 password 7 xxxxxxxxxxxx
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
encryption vlan 300 mode ciphers aes-ccm
!
ssid acspos
!
mbssid
power local 17
power client 17
station-role root
!
interface Dot11Radio0.95
encapsulation dot1Q 95 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.300
encapsulation dot1Q 300
no ip route-cache
bridge-group 13
bridge-group 13 subscriber-loop-control
bridge-group 13 block-unknown-source
no bridge-group 13 source-learning
no bridge-group 13 unicast-flooding
bridge-group 13 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
encryption vlan 95 mode ciphers aes-ccm
!
ssid BRIDGE1
!
antenna transmit right-a
antenna receive right-a
station-role workgroup-bridge
infrastructure-client
!
interface Dot11Radio1.95
encapsulation dot1Q 95 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1.300
encapsulation dot1Q 300
no ip route-cache
bridge-group 13
bridge-group 13 subscriber-loop-control
bridge-group 13 block-unknown-source
no bridge-group 13 source-learning
no bridge-group 13 unicast-flooding
bridge-group 13 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
ip address x.x.x.x 255.255.255.0
no ip route-cache
!
ip default-gateway x.x.x.x
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login authentication local
transport input all
line vty 5 15
login authentication local
transport input all
!
end
Hi subbash,
I haven’t tested this & you may get it working.
Let me know how testing goes. If I get time, I’ll try to test this for you.
HTH
Rasika
Hi Rasika,
Thanks for your quick response. I forgot to mention that the root access point is lwap based and the WGB is autonomous based. Is this topology possible?
Hi Subhash,
In that setup I haven’t tested whether it would work, first of all.
Here is the reference post for the standard setup; give it a try & see (I doubt it, though).
https://mrncciew.com/2013/06/16/unified-ap-wgb-with-multiple-vlan/
HTH
Rasika
Hi nayarasi,
I haven’t tested this;
I would like to know if it is the same case for a WGB managed by a WLC?
Thank you
Hello Rasika,
Is it possible to reproduce this behavior/mix when the bridge is managed by a WLC?
Since WLC 8.0, bridge mode is not supported on APs like the 1562E.
Cordially,
Lamine
I haven’t used mesh mode; I am not sure, Lamine.
Rasika