19-22
Cisco IOS Software Configuration Guide for Cisco Aironet Access Points
OL-30644-01
Chapter19 Configuring Repeater and Standby Access Points and Wo rkgroup Bridge Mode
Using Workgroup Bridges in a Lightweight Environment
Guidelines for Using Workgroup Bridges in a Lightweight Environment
Follow these guidelines for using workgroup bridges on your lightweight network:
The workgroup bridge can be any autonomous access point that supports the workgroup bridge
mode and is running Cisco IOS Release JA or greater (on 32-MB access points) or Cisco IOS
Release 12.3(8)JEB or greater (on 16-MB access points). These access points include the AP1040,
AP1140, and AP1260. Cisco IOS Releases prior to 12.4(3g)JA and 12.3(8)JEB are not supported.
Note If your access point has two radios, you can configure only one for workgroup bridge mode. This radio
is used to connect to the lightweight access point. We recommend that you disable the second radio.
Perform one of the following to enable the workgroup bridge mode on the workgroup bridge:
On the workgroup bridge access point GUI, choose Workgroup Bridge for the role in radio network
on the Network > Network Interfaces > Radio0-802.11N2.4GHz /
Radio1-802.11N 5GHz > Settings page.
Alternatively, on the WGB access point CLI radio configuration submode, enter this command:
station-role workgroup-bridge
Only workgroup bridge in client mode (which is the default value) are supported. The lightweight
access point will not relay multicast frames in a unicast fashion to associated workgroup bridges.
Perform one of the following to enable client mode on the workgroup bridge:
On the radio configuration page, choose Disabled for the Reliable Multicast to workgroup
bridge parameter.
From the radio configuration submode, enter this command: no infrastructure client.
These lightweight features are supported for use with a workgroup bridge:
Guest N+1 redundancy
Local EAP
These lightweight features are not supported for use with a workgroup bridge:
Cisco Centralized Key Management (CCKM)
Hybrid REAP
Idle timeout
Web authentication
Note If a workgroup bridge associates to a web-authentication WLAN, the workgroup bridge is added to the
exclusion list, and all of the workgroup bridge wired clients are deleted.
In a mesh network, a workgroup bridge can associate to any mesh access point, regardless of
whether it acts as a root access point or a mesh access point.
Wired clients connected to the workgroup bridge are not authenticated for security. Instead, the
workgroup bridge is authenticated against the access point to which it associates. Therefore, We
recommend that you physically secure the wired side of the workgroup bridge.
With Layer 3 roaming, if you connect a wired client into the workgroup bridge network after the
workgroup bridge has roamed to another controller (for example, to a foreign controller), the wired
client’s IP address displays only on the anchor controller, not on the foreign controller.