Support for CAPWAP and WGB Modes on the Cisco Wi-Fi Interface Module

Support for CAPWAP and WGB Modes on the Cisco Wi-Fi Interface Module

The Cisco Wi-Fi Interface Module (WIM) is a pluggable interface module available for all models of the IR1800 series. The Product Identifier (PID) is WP-WIFI6-x where x signifies the regulatory domain. For more information about WIM, see Cisco Wi-Fi Interface Module (WIM) Configuration Guide..

Cisco IOS XE Release 17.14.1 supports:

  1. Switch operation mode between Control and Provisioning of Wireless Access Points (CAPWAP) and Workgroup Bridge (WGB).

  2. Factory reset and erase configuration.

  3. Configure the radios for WGB uplink and concurrent Root AP mode operations.

The following table summarises the management support for Wi-Fi Module operations in IR1800:

Modes

WIM IOS XE Release

Router IOSXE Release

Support

Control and Provisioning of Wireless Access Points (CAPWAP) Mode

17.11.0.155 and later

17.13.1 and later

Cisco Wireless LAN Controller.

Embedded Wireless Controller (EWC) Mode

17.11.0.155 and later

17.13.1 and later

IOS XE CLI vManage (SDWAN controller mode).

Work Group Bridge (WGB) Mode

17.11.0.155 and later

17.13.1

Cisco IoT Operations Dashboard.

17.14.1

Cisco IoT Operations Dashboard. IOS XE CLI vManage (SDWAN and SD-Routing modes).

Management Support for Cisco WIM in CAPWAP Mode

  • When operating in CAPWAP mode, the module functions as an Access Point managed by an external Cisco IOS XE Wireless LAN Controller, acquiring an IP address through DHCP and discovering the controller using Layer 3, DHCP, DNS, or IP subnet broadcast.

  • Configuration of DHCP server and Switch Virtual Interface (SVI) on the router for WIM is required for the CAPWAP mode for WIM to discover and communicate with Wireless LAN controller.


Note


The mode change from CAPWAP mode to WGB mode is supported only when the module is in its factory default configuration.

For more information, see Control And Provisioning of Wireless Access Points (CAPWAP).

Management Support for Cisco WIM in EWC Mode

  • The Wi-Fi module acts as a Cisco IOS XE Wireless LAN Controller in Embedded Wireless Controller (EWC) mode, supporting configuration from IOS XE release 17.13.1.


Note


The Wi-Fi module in EWC mode does not support changing to CAPWAP or WGB mode.


For more information, see Wireless LAN Controller.

For more information, see EWC Mode.

IPv6 Support

From Release 17.16.1a, vManage and Yang model supports both static and dynamic IPv6 configuration in WGB mode.

You can configure IPv6 on the WIM in WGB mode from the router to:

  • obtain IPv6 addresses,

  • collect metrics, and

  • view configuration details.

Use the show wireless-bridge clients, show wireless-bridge interface ipv4, and show wireless-bridge interface ipv6 commands on the router to view client IPv4 and IPv6 configuration details.

For more information on configuring IPv6 address, see Configure IPv6 address.

Management Support for Cisco WIM in WGB Mode

The following section describes the new configuration options available on IR1800 for Deploying Cisco Wi-Fi Interface Module in WGB mode.

Configuring IR1800 for deploying WGB

The following section show how to configure IR1800 for deploying WGB:

Configuring a QoS Profile

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enables privileged EXEC mode.

Step 2

configure terminal

Example:
router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge 

Enters wireless-bridge configuration mode.

Step 4

qos-profile qos-profile-name {bronze | gold | platinum | silver }

Example:


router(config-wl-bridge)# qos-profile test-qos-profile bronze

Create a QoS profile with one of the levels of QoS policy.

Step 5

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring an SSID Profile With Open Authentication Without a QoS Profile Mapped

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enters privileged EXEC mode.

Step 2

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge

Enters wireless-bridge configuration mode.

Step 4

ssid-profile ssid-profile-name ssid ssid-name | authentication open

Example:

router(config-wl-bridge)# ssid-profile test-ssid-profile ssid test-ssid authentication open

Create SSID profile with open authentication.

Step 5

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring an SSID Profile With Open Authentication With a QoS Profile Mapped

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enters privileged EXEC mode.

Step 2

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge

Enters wireless-bridge configuration mode.

Step 4

ssid-profile ssid-profile-name ssid ssid-name qos-profile qos-profile-name authentication open

Example:

router(config-wl-bridge)# ssid-profile test-ssid-profile ssid test-ssid qos-profile test-qos-profile authentication open

Create SSID profile with open authentication with a QoS-profile mapped.

Step 5

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring an SSID Profile with WPA2 Personal Authentication Without a QoS Profile Mapped

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enters privileged EXEC mode.

Step 2

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge

Enters wireless-bridge configuration mode.

Step 4

ssid-profile ssid-profile-name ssid ssid-name authentication psk key-management wpa2 secret-key {0 | 6 | 7 } secret-key

Example:

router(config-wl-bridge)# ssid-profile test-ssid-profile ssid test-ssid authentication psk key-management wpa2 secret-key 0 testkey123!

Create SSID profile with PSK authentication.

  • 0: Specifies an unencrypted secret key will follow.

  • 6: Specifies an encrypted secret key will follow.

  • 7: Specifies a hidden secret key will follow.

Step 5

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring an SSID Profile with WPA2 Personal Authentication With a QoS Profile Mapped

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enters privileged EXEC mode.

Step 2

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge

Enters wireless-bridge configuration mode.

Step 4

ssid-profile ssid-profile-name ssid ssid-name qos-profile qos-profile-name authentication psk key-management wpa2 secret-key {0 | 6 | 7 } secret-key

Example:

router(config-wl-bridge)# ssid-profile test-ssid-profile ssid test-ssid qos-profile qos-profile-test authentication psk key-management wpa2 secret-key 0 testkey123!

Create SSID profile with PSK authentication with QoS profile mapped.

  • 0: Specifies an unencrypted secret key will follow.

  • 6: Specifies an encrypted secret key will follow.

  • 7: Specifies a hidden secret key will follow.

Step 5

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring a Dot11radio in WGB Mode and Configuring Various Parameters

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enters privileged EXEC mode.

Step 2

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge

Enters wireless-bridge configuration mode.

Step 4

dot11radio {0|1} mode {wgb } ssid-profile ssid-profile name

Example:

router(config-wl-bridge)# dot11radio 1 mode wgb ssid-profile test-ssid-profile

Configure a Dot11Radio as WGB.

Step 5

dot11radio {0|1} {enable | disable }

Example:

router(config-wl-bridge)# dot11radio 1 enable

Enabling Dot11Radio.

Step 6

dot11radio {0|1} channel channel number channel-width

Example:

router(config-wl-bridge)# dot11radio 1 channel 40 40

Configure a Dot11Radio channel details.

Step 7

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring a Dot11Radio in uWGB Mode and Configuring Various Parameters

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enables privileged EXEC mode.

Step 2

configure terminal

Example:
router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge 

Enters wireless-bridge configuration mode.

Step 4

dot11radio {0|1} mode {uwgb } H.H.H ssid-profile ssid-profile name

Example:


router(config-wl-bridge)# dot11radio 1 mode uwgb E462.C49F.9AA0 ssid-profile test-ssid-profile

Configure a Dot11Radio as uWGB.

Step 5

dot11radio {0|1} {enable | disable }

Example:
router(config-wl-bridge)# dot11radio 1 enable

Enabling Dot11Radio.

Step 6

dot11radio {0|1} channel channel number channel-width

Example:
router(config-wl-bridge)# dot11radio 1 channel 40 40

Configure a Dot11Radio channel details.

Step 7

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Configuring a Dot11radio in Root AP Mode and Configuring Various Parameters

Procedure
  Command or Action Purpose

Step 1

enable

Example:

router# enable

Enables privileged EXEC mode.

Step 2

configure terminal

Example:
router# configure terminal

Enters global configuration mode.

Step 3

wireless-bridge submode

Example:

router(config)# wireless-bridge 

Enters wireless-bridge configuration mode.

Step 4

dot11radio {0|1} mode {root-ap}

Example:


router(config-wl-bridge)# dot11radio 0 mode root-ap

Configure a Dot11Radio as Root AP.

The Root AP places the bridge in access point mode. In this mode, the bridge emulates a Cisco Aironet 1100 Series Access Point and accepts associations from client devices.

Step 5

dot11radio {0|1} {enable | disable }

Example:
router(config-wl-bridge)# dot11radio 0 enable

Enabling Dot11Radio.

Step 6

dot11radio {0|1} wlan wlan-profile-name wlan-id (2-16) vlan vlan-id (2-4094)

Example:
router(config-wl-bridge)# dot11radio 0 wlan test-wlan-profile 4 vlan 400

Map a WLAN profile to the Dot11Radio in Root AP mode.

Step 7

dot11radio {0|1} channel channel number channel-width

Example:
router(config-wl-bridge)# dot11radio 0 channel 5 20

Configure a Dot11Radio channel details.

Step 8

End

Example:
router(config-wl-bridge)# end

Exits wireless-bridge configuration mode and returns to privilege EXEC mode.

Note

 

1.The above command bridges VLAN creation in the client serving radio to wired0, forwarding wireless client traffic directly to the router.

2.WLAN IDs range from 2 to 16 (supporting a maximum of 15 WLANs). Configurations related to the Root AP will take effect only after toggling the Root AP radio.

3.Enabling Broadcast tagging in WGB will prevent the Root AP from supporting wireless client connections. Broadcast tagging configuration is disabled by default.

Configure IPv4 address

Use this task to configure the IPv4 address on the WIM in WGB mode from the router.

Procedure

Step 1

Use the enable command to enable the privileged EXEC mode.

router#enable

Step 2

Use the configure terminal command to enter the global configuration mode.

router#configure terminal

Step 3

Use the wireless-bridge command to enter the wireless-bridge configuration mode.

router(config)#wireless-bridge 

Step 4

Use the wgb address ipv4 static ipaddress netmask gateway command to configure a static IPv4 address along with the netmask and the default gateway.

router(config-wl-bridge)# wgb address ipv4 static 10.10.10.2 255.255.255.0 10.10.10.1

Step 5

Use the wgb address ipv4 dhcp command to configure DHCP IPv4 address.

router(config-wl-bridge)#wgb address ipv4 dhcp

Configure IPv6 address

Use this task to configure the IPv6 address on the WIM in WGB mode from the router.

Procedure

Step 1

Use the enable command to enable the privileged EXEC mode.

router#enable

Step 2

Use the configure terminal command to enter the global configuration mode.

router#configure terminal

Step 3

Use the wireless-bridge command to enter the wireless-bridge configuration mode.

router(config)#wireless-bridge 

Step 4

Use the wgb address ipv6 static ipaddress netmask gateway command to configure a static IPv6 address along with the netmask and the default gateway.

router(config-wl-bridge)# wgb address ipv6 static 2000:100::10 64  2000:100::1

Step 5

Use the wgb address ipv6 dhcp command to configure DHCP IPv6 address.

router(config-wl-bridge)#wgb address ipv6 dhcp

Verify the WGB Mode Configuration, Monitoring Operational Status

Use the following commands to verify the configuration status:

Command: show run-config | sec wireless-bridge

Example:

router#show run-config | sec wireless-bridge

Use the following commands for monitoring the operational status:

Command: show wireless-bridge status

Example:

router#show wireless-bridge status
Module Operating Mode : WGB mode
Module Status         : Module State Ready
Software Version      : 17.11.0.155
Module Session Status : Login Success

Command: show wireless-bridge wlans

Example:

router#show wireless-bridge wlans  
 wlan  band  oper  vlan  #client  wlan-mode  SSID
 ----  ----  ----  ----  -------  ---------  -----------------
    2  2.4g    up     2        1   downlink  myssid

Command: show wireless-bridge clients

Example:

From Release 17.16.1a, Cisco WIM introduces support for IPv6, and both IPv4 and IPv6 addresses are visible in the output.

router#show wireless-bridge clients
 Client-MAC-Addr    band  status        wlan  DeviceType  SSID       IPV4 address      IPV6 address
 -----------------  ----  ------------  ----  ----------  ---------- ----------------  --------------------------
 E4:62:C4:9F:68:CF    5g  Associated      3   wireless    000_bba    30.30.30.2        FE80::EDA6:F758:9C25:8539

Note


vManage does not support to view client IPv4 and IPv6 configuration details.


Command: Use the show wireless-bridge interface ipv4 command to view the IPv4 interface details.

Example:

router#show wireless-bridge interface ipv4
Interface            IP-Address      Method   Status                 Protocol   Speed      Duplex
wired0               unassigned      unset    up                     up         1000       full
auxiliary-client     20.20.20.5      DHCP     up                     up         n/a        n/a
service-vlan         n/a             n/a      up                     up         n/a        n/a
apr0v0               n/a             n/a      up                     up         n/a        n/a
apr1v0               n/a             n/a      up                     up         n/a        n/a

Command: Use the show wireless-bridge interface ipv6 command to view the IPv6 interface details.

Example:

router#show wireless-bridge interface ipv6
srcr2     Link encap:Ethernet  HWaddr E4:62:C4:9F:52:40
          inet addr:20.20.20.5  Bcast:20.20.20.255  Mask:255.255.255.0
          inet6 addr: 3000:100::9d98:c2e:5a8f:1351/128 Scope:Global
          inet6 addr: 3000:100::c132:d20b:b520:3537/128 Scope:Global
          inet6 addr: fe80::18c:5b82:4cef:c56c/64 Scope:Link
          inet6 addr: 3000:100::5996:1093:a134:ea8c/128 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5042 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4841 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:565722 (552.4 KiB)  TX bytes:556927 (543.8 KiB)

Command: Use the show wireless-bridge running-configuration command to view the configuration and operational status

Example:

router#show wireless-bridge running-configuration
### WGB Running config - Hostname: device ###

configure ap management add username Cisco1 password $1$$r0JYqf7z0bIzm/v2jcqVp/ secret $1$$cN9KzIWhwzaBqoL.xelgi1
configure ap address ipv6 dhcp
configure qos profile qos-profile1 gold
configure ssid-profile wlan2 ssid 000_aab authentication open
configure ssid-profile wlan3 ssid 000_bba authentication open
configure dot11Radio 0 mode wgb ssid-profile wlan2
configure dot11Radio 0 enable
configure dot11Radio 1 enable
configure dot11Radio 1 mode root-ap
configure dot11Radio 1 wlan add wlan3 3 vlan 30
configure dot11Radio 1 channel 36 80
configure dot11Radio 1 tx-power 1

For additional Information about WGB and Universal Workgroup Bridge (uWGB) configuration, refer the following documents:

Additional Commands

Clear Configuration

To clear the configuration on the Wi-Fi module, use the following command:
router# wireless-bridge erase

Factory Reset

To perform a factory reset on the module, use the following command:
router# wireless-bridge factory reset config/default

Mode Conversion

To change the operating mode of the module between WGB and CAPWAP modes, use the following command:
router# wireless-bridge boot mode capwap/wgb

Firmware Upgrade

Firmware upgrade is supported from Unified Client Image version 17.11 and above when running in WGB mode. To upgrade the firmware, the IR1800 requires the TFTP server to be enabled for the module to obtain the image.

The firmware upgrade process takes about 5-6 minutes to complete. Upon successful upgrade, the Wi-Fi module is automatically reloaded with the new image.

Procedure

  Command or Action Purpose

Step 1

enable

Example:


router# enable

Enters privileged EXEC mode.

Step 2

copy rcp://local-server/ap1g8t-k9c1-tar-k9c1-tar

Example:


router# copy rcp://netadmin@172.16.101.101/ap1g8t-k9c1-tar bootflash:ap1g8t-k9c1-tar

Copy the unified client image(ap1g8t-k9c1-tar) to IR1800. The image will be downloaded to the module from this location.

Step 3

configure terminal

Example:

router# configure terminal

Enters global configuration mode.

Step 4

tftp-server directory:image

Example:

router# tftp-server bootflash:ap1g8t-k9c1-tar
router# end

Configure the image location on the TFTP Server of IR1800 and exit from global configuration mode.

Step 5

wireless-bridge firmware-upgrade ap1g8t-k9c1-tar ip netmask gateway

Example:

router(config)# wireless-bridge firmware-upgrade ap1g8t-k9c1-tar 10.10.10.1 255.255.255.0 10.10.10.1

Start Firmware upgrade.

Step 6

more bootflash:/od_status

Firmware upgrade takes about 5 to 6 minutes to complete. Check the od_status logs to monitor the progress.