19-19
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-11350-01
Chapter19 Configuring Repeater and Standby Access Points and Workgroup Bridge Mode
The Workgroup Bridge in a Lightweight Environment
The workgroup bridge can be any autonomous access point that supports the workgroup bridge
mode and is running Cisco IOS Release 12.4(3g)JA or greater (on 32-MB access points) or Cisco
IOS Release 12.3(8)JEB or greater (on 16-MB access points). These access points include the
AP1121, AP1130, AP1231, AP1240, and AP1310. Cisco IOS Releases prior to 12.4(eg)JA and
12.3(8)JEB are not supported.
Note If your access point has two radios, you can configure only one for workgroup bridge mode. This radio
is used to connect to the lightweight access point. Cisco recommends that you disable the second radio.
Perform one of the following to enable the workgroup bridge mode on the workgroup bridge:
On the workgroup bridge access point GUI, choose Workgroup Bridge for the role in radio
network on the Settings > Network Interfaces page.
On the workgroup bridge access point CLI, enter this command: station-role workgroup-bridge
The workgroup bridge can associate only to lightweight access points (except the Cisco Airespace
AP1000 series access points, which are not supported).
Only workgroup bridge in client mode (which is the default value) are supported. Those in
infrastructure mode are not supported. Perform one of the following to enable client mode on the
workgroup bridge:
On the workgroup bridge access point GUI, choose Disabled for the Reliable Multicast to
workgroup bridge parameter.
On the workgroup bridge access point CLI, enter this command: no infrastructure client.
Note VLANs are not supported for use with workgroup bridges.
These lightweight features are supported for use with a workgroup bridge:
Guest N+1 redundancy
Local EAP
These lightweight features are not supported for use with a workgroup bridge:
Cisco Centralized Key Management (CCKM)
Hybrid REAP
Idle timeout
Web authentication
Note If a workgroup bridge associates to a web-authentication WLAN, the workgroup bridge is added to the
exclusion list, and all of the workgroup bridge wired clients are deleted.
In a mesh network, a workgroup bridge can associate to any mesh access point, regardless of
whether it acts as a root access point or a mesh access point.
Wired clients connected to the workgroup bridge are not authenticated for security. Instead, the
workgroup bridge is authenticated against the access point to which it associates. Therefore, Cisco
recommends that you physically secure the wired side of the workgroup bridge.
With Layer 3 roaming, if you plug a wired client into the workgroup bridge network after the
workgroup bridge has roamed to another controller (for example, to a foreign controller), the wired
client’s IP address displays only on the anchor controller, not on the foreign controller.