Cisco Systems 0L-11350-01

19-19

Cisco IOS Software Configuration Guide for Cisco Aironet Access Points

OL-11350-01

Chapter19 Configuring Repeater and Standby Access Points and Workgroup Bridge Mode

The Workgroup Bridge in a Lightweight Environment

•The workgroup bridge can be any autonomous access point that supports the workgroup bridge

mode and is running Cisco IOS Release 12.4(3g)JA or greater (on 32-MB access points) or Cisco

IOS Release 12.3(8)JEB or greater (on 16-MB access points). These access points include the

AP1121, AP1130, AP1231, AP1240, and AP1310. Cisco IOS Releases prior to 12.4(eg)JA and

12.3(8)JEB are not supported.

Note If your access point has two radios, you can configure only one for workgroup bridge mode. This radio

is used to connect to the lightweight access point. Cisco recommends that you disable the second radio.

Perform one of the following to enable the workgroup bridge mode on the workgroup bridge:

•On the workgroup bridge access point GUI, choose Workgroup Bridge for the role in radio

network on the Settings > Network Interfaces page.

•On the workgroup bridge access point CLI, enter this command: station-role workgroup-bridge

•The workgroup bridge can associate only to lightweight access points (except the Cisco Airespace

AP1000 series access points, which are not supported).

•Only workgroup bridge in client mode (which is the default value) are supported. Those in

infrastructure mode are not supported. Perform one of the following to enable client mode on the

workgroup bridge:

–

On the workgroup bridge access point GUI, choose Disabled for the Reliable Multicast to

workgroup bridge parameter.

–

On the workgroup bridge access point CLI, enter this command: no infrastructure client.

Note VLANs are not supported for use with workgroup bridges.

•These lightweight features are supported for use with a workgroup bridge:

–

Guest N+1 redundancy

–

Local EAP

•These lightweight features are not supported for use with a workgroup bridge:

–

Cisco Centralized Key Management (CCKM)

–

Hybrid REAP

–

Idle timeout

–

Web authentication

Note If a workgroup bridge associates to a web-authentication WLAN, the workgroup bridge is added to the

exclusion list, and all of the workgroup bridge wired clients are deleted.

•In a mesh network, a workgroup bridge can associate to any mesh access point, regardless of

whether it acts as a root access point or a mesh access point.

•Wired clients connected to the workgroup bridge are not authenticated for security. Instead, the

workgroup bridge is authenticated against the access point to which it associates. Therefore, Cisco

recommends that you physically secure the wired side of the workgroup bridge.

•With Layer 3 roaming, if you plug a wired client into the workgroup bridge network after the

workgroup bridge has roamed to another controller (for example, to a foreign controller), the wired

client’s IP address displays only on the anchor controller, not on the foreign controller.