Support for CAPWAP and WGB Modes on the Cisco Wi-Fi Interface Module

Support for CAPWAP and WGB Modes on the Cisco Wi-Fi Interface Module

The Cisco Wi-Fi Interface Module (WIM) is a pluggable interface module available for all models of the IR1800 series. The Product Identifier (PID) is WP-WIFI6-x where x signifies the regulatory domain. For more information about WIM, see Cisco Wi-Fi Interface Module (WIM) Configuration Guide..

Cisco IOS XE Release 17.14.1 supports:

  1. Switch operation mode between Control and Provisioning of Wireless Access Points (CAPWAP) and Workgroup Bridge (WGB).

  2. Factory reset and erase configuration.

  3. Configure the radios for WGB uplink and concurrent Root AP mode operations.

The following table summarises the management support for Wi-Fi Module operations in IR1800:

Modes

WIM IOS XE Release

Router IOSXE Release

Support

Control and Provisioning of Wireless Access Points (CAPWAP) Mode

17.11.0.155 and later

17.13.1 and later

Cisco Wireless LAN Controller.

Embedded Wireless Controller (EWC) Mode

17.11.0.155 and later

17.13.1 and later

IOS XE CLI vManage (SDWAN controller mode).

Work Group Bridge (WGB) Mode

17.11.0.155 and later

17.13.1

Cisco IoT Operations Dashboard.

17.14.1

Cisco IoT Operations Dashboard. IOS XE CLI vManage (SDWAN and SD-Routing modes).

Management Support for Cisco WIM in CAPWAP Mode

  • When operating in CAPWAP mode, the module functions as an Access Point managed by an external Cisco IOS XE Wireless LAN Controller, acquiring an IP address through DHCP and discovering the controller using Layer 3, DHCP, DNS, or IP subnet broadcast.

  • Configuration of DHCP server and Switch Virtual Interface (SVI) on the router for WIM is required for the CAPWAP mode for WIM to discover and communicate with Wireless LAN controller.


Note


The mode change from CAPWAP mode to WGB mode is supported only when the module is in its factory default configuration.

For more information, see Control And Provisioning of Wireless Access Points (CAPWAP).

Management Support for Cisco WIM in EWC Mode

  • The Wi-Fi module acts as a Cisco IOS XE Wireless LAN Controller in Embedded Wireless Controller (EWC) mode, supporting configuration from IOS XE release 17.13.1.


Note


The Wi-Fi module in EWC mode does not support changing to CAPWAP or WGB mode.


For more information, see Wireless LAN Controller.

For more information, see EWC Mode.

Management Support for Cisco WIM in WGB Mode

The following section describes the new configuration options available on IR1800 for Deploying Cisco Wi-Fi Interface Module in WGB mode.

Configuring IR1800 for deploying WGB

The following section show how to configure IR1800 for deploying WGB:

Configuring a QoS Profile

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enables privileged EXEC mode.

Step 2

configure terminal

Example:
router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge 

Enters wireless-bridge configuration mode.

Step 4

qos-profile qos-profile-name {bronze | gold | platinum | silver }

Example:


router(config-wl-bridge)# qos-profile test-qos-profile bronze

Create a QoS profile with one of the levels of QoS policy.

Step 5

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring an SSID Profile With Open Authentication Without a QoS Profile Mapped

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enters privileged EXEC mode.

Step 2

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge

Enters wireless-bridge configuration mode.

Step 4

ssid-profile ssid-profile-name ssid ssid-name | authentication open

Example:

router(config-wl-bridge)# ssid-profile test-ssid-profile ssid test-ssid authentication open

Create SSID profile with open authentication.

Step 5

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring an SSID Profile With Open Authentication With a QoS Profile Mapped

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enters privileged EXEC mode.

Step 2

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge

Enters wireless-bridge configuration mode.

Step 4

ssid-profile ssid-profile-name ssid ssid-name qos-profile qos-profile-name authentication open

Example:

router(config-wl-bridge)# ssid-profile test-ssid-profile ssid test-ssid qos-profile test-qos-profile authentication open

Create SSID profile with open authentication with a QoS-profile mapped.

Step 5

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring an SSID Profile with WPA2 Personal Authentication Without a QoS Profile Mapped

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enters privileged EXEC mode.

Step 2

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge

Enters wireless-bridge configuration mode.

Step 4

ssid-profile ssid-profile-name ssid ssid-name authentication psk key-management wpa2 secret-key {0 | 6 | 7 } secret-key

Example:

router(config-wl-bridge)# ssid-profile test-ssid-profile ssid test-ssid authentication psk key-management wpa2 secret-key 0 testkey123!

Create SSID profile with PSK authentication.

  • 0: Specifies an unencrypted secret key will follow.

  • 6: Specifies an encrypted secret key will follow.

  • 7: Specifies a hidden secret key will follow.

Step 5

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring an SSID Profile with WPA2 Personal Authentication With a QoS Profile Mapped

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enters privileged EXEC mode.

Step 2

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge

Enters wireless-bridge configuration mode.

Step 4

ssid-profile ssid-profile-name ssid ssid-name qos-profile qos-profile-name authentication psk key-management wpa2 secret-key {0 | 6 | 7 } secret-key

Example:

router(config-wl-bridge)# ssid-profile test-ssid-profile ssid test-ssid qos-profile qos-profile-test authentication psk key-management wpa2 secret-key 0 testkey123!

Create SSID profile with PSK authentication with QoS profile mapped.

  • 0: Specifies an unencrypted secret key will follow.

  • 6: Specifies an encrypted secret key will follow.

  • 7: Specifies a hidden secret key will follow.

Step 5

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring a Dot11radio in WGB Mode and Configuring Various Parameters

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enters privileged EXEC mode.

Step 2

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge

Enters wireless-bridge configuration mode.

Step 4

dot11radio {0|1} mode {wgb } ssid-profile ssid-profile name

Example:

router(config-wl-bridge)# dot11radio 1 mode wgb ssid-profile test-ssid-profile

Configure a Dot11Radio as WGB.

Step 5

dot11radio {0|1} {enable | disable }

Example:

router(config-wl-bridge)# dot11radio 1 enable

Enabling Dot11Radio.

Step 6

dot11radio {0|1} channel channel number channel-width

Example:

router(config-wl-bridge)# dot11radio 1 channel 40 40

Configure a Dot11Radio channel details.

Step 7

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring a Dot11Radio in uWGB Mode and Configuring Various Parameters

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enables privileged EXEC mode.

Step 2

configure terminal

Example:
router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge 

Enters wireless-bridge configuration mode.

Step 4

dot11radio {0|1} mode {uwgb } H.H.H ssid-profile ssid-profile name

Example:


router(config-wl-bridge)# dot11radio 1 mode uwgb E462.C49F.9AA0 ssid-profile test-ssid-profile

Configure a Dot11Radio as uWGB.

Step 5

dot11radio {0|1} {enable | disable }

Example:
router(config-wl-bridge)# dot11radio 1 enable

Enabling Dot11Radio.

Step 6

dot11radio {0|1} channel channel number channel-width

Example:
router(config-wl-bridge)# dot11radio 1 channel 40 40

Configure a Dot11Radio channel details.

Step 7

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring a Dot11radio in Root AP Mode and Configuring Various Parameters

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enables privileged EXEC mode.

Step 2

configure terminal

Example:
router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge 

Enters wireless-bridge configuration mode.

Step 4

dot11radio {0|1} mode {root-ap}

Example:


router(config-wl-bridge)# dot11radio 0 mode root-ap

Configure a Dot11Radio as Root AP.

The Root AP places the bridge in access point mode. In this mode, the bridge emulates a Cisco Aironet 1100 Series Access Point and accepts associations from client devices.

Step 5

dot11radio {0|1} {enable | disable }

Example:
router(config-wl-bridge)# dot11radio 0 enable

Enabling Dot11Radio.

Step 6

dot11radio {0|1} wlan wlan-profile-name wlan-id (2-16) vlan vlan-id (2-4094)

Example:
router(config-wl-bridge)# dot11radio 0 wlan test-wlan-profile 4 vlan 400

Map a WLAN profile to the Dot11Radio in Root AP mode.

Step 7

dot11radio {0|1} channel channel number channel-width

Example:
router(config-wl-bridge)# dot11radio 0 channel 5 20

Configure a Dot11Radio channel details.

Step 8

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Note

 

1.The above command bridges VLAN creation in the client serving radio to wired0, forwarding wireless client traffic directly to the router.

2.WLAN IDs range from 2 to 16 (supporting a maximum of 15 WLANs). Configurations related to the Root AP will take effect only after toggling the Root AP radio.

3.Enabling Broadcast tagging in WGB will prevent the Root AP from supporting wireless client connections. Broadcast tagging configuration is disabled by default.

Additional Commands

Configure IPv4 address
Command or Action

Purpose

Step 1

enable

Example:

router# enable

Enables privileged EXEC mode.

Step 2

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge

Example:


router(config)# wireless-bridge 

Enters wireless-bridge configuration mode.

Step 4

wgb address ipv4 static ipaddress netmask gateway

Example:



router(config-wl-bridge)# wgb address ipv4 static 10.10.10.2 255.255.255.0 10.10.10.1

Configure a static IPv4 address along with the netmask and the default gateway.

Step 5

wgb address ipv4 dhcp

Example:

router(config-wl-bridge)# wgb address ipv4 dhcp

Configure IPv4 address by DHCP

Step 6

End

Example:

router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Clear Configuration
To clear the configuration on the Wi-Fi module, use the following command:
router# wireless-bridge erase
Factory Reset
To perform a factory reset on the module, use the following command:
router# wireless-bridge factory reset config/default
Mode Conversion
To change the operating mode of the module between WGB and CAPWAP modes, use the following command:
router# wireless-bridge boot mode capwap/wgb

Verify the WGB Mode Configuration, Monitoring Operational Status

Use the following commands to verify the configuration status:

Command: show run-config | sec wireless-bridge

Example:

router#show run-config | sec wireless-bridge

Use the following commands for monitoring the operational status:

Command: show wireless-bridge status

Example:

router#show wireless-bridge status
Module Operating Mode : WGB mode
Module Status         : Module State Ready
Software Version      : 17.11.0.155
Module Session Status : Login Success

Command: show wireless-bridge wlans

Example:

router#show wireless-bridge wlans  
 wlan  band  oper  vlan  #client  wlan-mode  SSID
 ----  ----  ----  ----  -------  ---------  -----------------
    2  2.4g    up     2        1   downlink  myssid

Command: show wireless-bridge clients

Example:

From Release 17.14.1, Cisco WIM supports IPv4; however, the IPv4 address is not displayed in the output for this release.

router#show wireless-bridge clients
 Client-MAC-Addr    band  status        wlan  DeviceType  SSID       IPV4 address      IPV6 address
 -----------------  ----  ------------  ----  ----------  ---------- ----------------  --------------------------
 E4:62:C4:9F:68:CF    5g  Associated      3   wireless    000_bba    30.30.30.2        FE80::EDA6:F758:9C25:8539

For additional Information about WGB and Universal Workgroup Bridge (uWGB) configuration, refer the following documents:

Firmware Upgrade

Firmware upgrade is supported from Unified Client Image version 17.11 and above when running in WGB mode. To upgrade the firmware, the IR1800 requires the TFTP server to be enabled for the module to obtain the image.

The firmware upgrade process takes about 5-6 minutes to complete. Upon successful upgrade, the Wi-Fi module is automatically reloaded with the new image.

Procedure

  Command or Action Purpose

Step 1

enable

Example:


router# enable

Enters privileged EXEC mode.

Step 2

copy rcp://local-server/ap1g8t-k9c1-tar-k9c1-tar

Example:


router# copy rcp://netadmin@172.16.101.101/ap1g8t-k9c1-tar bootflash:ap1g8t-k9c1-tar

Copy the unified client image(ap1g8t-k9c1-tar) to IR1800. The image will be downloaded to the module from this location.

Step 3

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 4

tftp-server directory:image

Example:

router# tftp-server bootflash:ap1g8t-k9c1-tar
router# end

Configure the image location on the TFTP Server of IR1800 and exit from global configuration mode.

Step 5

wireless-bridge firmware-upgrade ap1g8t-k9c1-tar ip netmask gateway

Example:

router(config)# wireless-bridge firmware-upgrade ap1g8t-k9c1-tar 10.10.10.1 255.255.255.0 10.10.10.1

Start Firmware upgrade.

Step 6

more bootflash:/od_status

Firmware upgrade takes about 5 to 6 minutes to complete. Check the od_status logs to monitor the progress.