This section describes the two types of bridges. It includes the following topics:
The Wireless Distribution System (WDS) allows you to connect multiple WAP571/E devices. With WDS, access points communicate with one another without wires. This capability is critical in providing a seamless experience for roaming clients and for managing multiple wireless networks. It can also simplify the network infrastructure by reducing the amount of cabling required. You can configure the WAP device in point-to-point or point-to-multipoint bridge mode based on the number of links to connect.
In the point-to-point mode, the WAP device accepts client associations and communicates with wireless clients and other repeaters. The WAP device forwards all traffic meant for the other network over the tunnel that is established between the access points. The bridge does not add to the hop count. It functions as a simple OSI Layer 2 network device.
In the point-to-multipoint bridge mode, one WAP device acts as the common link between multiple access points. In this mode, the central WAP device accepts client associations and communicates with the clients and other repeaters. All other access points associate only with the central WAP device that forwards the packets to the appropriate wireless bridge for routing purposes.
The AP can also act as a repeater. In this mode, the AP serves as a connection between two APs that might be too far apart to be within cell range. When acting as a repeater, the AP does not have a wired connection to the LAN and repeats signals by using the wireless connection. No special configuration is required for the AP to function as a repeater, and there are no repeater mode settings. Wireless clients can still connect to an WAP device that is operating as a repeater.
Before you configure WDS on the WAP device, note these guidelines
• For pure bridging mode that does not allow client associations, we recommend using obscure WPA key for VAP0 or disabling the SSID broadcast.
• All Cisco WAP devices participating in a WDS link must have the following identical settings:
– Channel (Auto is not recommended)
Note When
operating bridging in the 802.11n 2.4 GHz band, set the Channel Bandwidth
to 20 MHz, rather than the default 20/40 MHz. In the 2.4 GHz
20/40 MHz band, the operating bandwidth can change from 40 MHz to 20 MHz
if any 20 MHz WAP devices are detected in the area. The mismatched channel
bandwidth can cause the link to disconnect.
See Radio (Basic Settings) for information on configuring these settings.
• When using WDS, be sure to configure WDS on both WAP devices participating in the WDS link.
• You can have only one WDS link between any pair of WAP devices. That is, a remote MAC address may appear only once on the WDS page for a particular WAP device.
1. Select Wireless > Bridge in the navigation pane.
2. Select the WDS Bridge from the drop-down selection.
3. Check Enable for the WDS Interface that you want to configure.
4. Configure the remaining parameters:
• Remote MAC Address—Specifies the MAC address of the destination WAP device; that is, the WAP device on the other end of the WDS link to which data is sent or handed-off and from which data is received.
Tip You can find the MAC address on the Status and Statistics > Network Interface page.
• Encryption—The type of encryption to use on the WDS link; it does not have to match the VAP you are bridging. The WDS Encryption settings are unique to the WDS bridge. The options are none, WEP, and WPA Personal. The WPA2-PSK is an option for the WDS link encryption and VAP security. The administrator needs to choose those options to enforce them.
If you are unconcerned about security issues on the WDS link, you may decide not to set any type of encryption. Alternatively, if you have security concerns you can choose between Static WEP and WPA Personal. In WPA Personal mode, the WAP device uses WPA2-PSK with CCMP (AES) encryption over the WDS link. See WEP on WDS Links or WPA/PSK on WDS Links following this procedure for more information about encryption options.
Note Static WEP is applicable only when the radio is operating in legacy mode: 802.11a for 5 GHz radio and 802.11b/g for 2.4 GHz radio.
5. Click Save. The changes are saved to the Startup Configuration.
6. Replicate this procedure on the other device or devices connecting to the bridge.
Tip You can verify that the bridge link is up by going to the Status and Statistics > Network Interface page. In the Interface Status table, the WLAN0:WDS(x) status should state Up.
Note Partner WDS AP in the remote network retains its management IP address acquired from a DHCP server connected to the WDS AP in the main network even if the WDS link is broken. The IP address is released when the WDS interface is brought administratively down.
Caution After new settings are saved, the corresponding processes may be stopped and restarted. When this happens, the WAP device may lose connectivity. We recommend that you change WAP device settings when a loss of connectivity will least affect your wireless clients.
These additional fields appear when you select WEP as the encryption type.
• Key Length—If WEP is enabled, specify the length of the WEP key as 64 bits or 128 bits.
• Key Type—If WEP is enabled, specify the WEP key type: ASCII or Hex.
• WEP Key—If you selected ASCII, enter any combination of 0 to 9, a to z, and A to Z. If you selected Hex, enter hexadecimal digits (any combination of 0 to 9 and a to f or A to F). These are the RC4 encryption keys shared with the stations using the WAP device.
Note that the required number of characters is indicated to the right of the field and changes based on your selections in the Key Type and Key Length fields.
These additional fields appear when you select WPA/PSK as the encryption type.
• WDS ID—Enter an appropriate name for the new WDS link you have created. It is important that the same WDS ID is also entered at the other end of the WDS link. If this WDS ID is not the same for both WAP devices on the WDS link, they will not be able to communicate and exchange data.
The WDS ID can be any alphanumeric combination.
• Key—Enter a unique shared key for the WDS bridge. This unique shared key must also be entered for the WAP device at the other end of the WDS link. If this key is not the same for both WAPs, they will not be able to communicate and exchange data.
The WPA-PSK key is a string of at least 8 characters to a maximum of 63 characters. Acceptable characters include uppercase and lowercase alphabetic letters, the numeric digits, and special symbols such as @ and #.
The AP WorkGroup Bridge feature enables the WAP device to extend the accessibility of a remote network. In WorkGroup Bridge mode, the AP acts as a wireless station (STA) on the wireless LAN. It can bridge traffic between a remote wired network and the wireless LAN that is connected using the WorkGroup Bridge mode.
The WorkGroup Bridge feature enables support for STA-mode. The WAP device can operate on Basic Service Set (BSS) as an STA device. When WorkGroup Bridge mode is enabled, the AP supports only one BSS with which the AP associates as a wireless client.
It is recommended that WorkGroup Bridge mode be used only when the WDS bridge feature cannot be operational with a peer AP. WDS is a better solution and is preferred over the WorkGroup Bridge solution. Use WDS if you are bridging Cisco WAP571/E devices. If you are not, then consider WorkGroup Bridge. When the WorkGroup Bridge feature is enabled, the VAP configurations are not applied; only the WorkGroup Bridge configuration is applied.
Note The WDS feature does not work when the WorkGroup Bridge mode is enabled on the AP.
In WorkGroup Bridge mode, the BSS managed by the WAP device (that is, the one to which the WAP device associates as an STA) is referred to as the infrastructure client interface, and the other WAP device is referred as the upstream AP.
The devices connected to the wired interface of the WAP device, can access the network connected by the infrastructure client interface.
Before you configure WorkGroup Bridge on the WAP device, note these guidelines:
• All WAP devices participating in WorkGroup Bridge must have the following identical settings:
– Channel (Auto is not recommended)
See Radio (Basic Settings) for information on configuring these settings.
• WorkGroup Bridge mode currently supports only IPv4 traffic.
• WorkGroup Bridge mode is not supported across a Single Point Setup.
To configure WorkGroup Bridge mode:
1. Select Wireless > Bridge in the navigation pane.
2. Select the WorkGroup Bridge Mode from the drop-down selection.
3. Select Enable for the WorkGroup Bridge Mode.
4. Select the radio interface on which to configure WorkGroup Bridge mode (Radio 1 or Radio 2).
5. Configure these parameters for the Infrastructure Client Interface (upstream):
Note There is an arrow next to SSID for SSID Scanning; this feature is disabled by default, and is enabled only if AP Detection is enabled in Rogue AP Detection (which is also disabled by default).
• Security—The type of security to use for authenticating as a client station on the upstream WAP device. Choices are:
• VLAN ID—The VLAN associated with the BSS.
Note The Infrastructure Client Interface will be associated with the upstream WAP device with the configured credentials. The WAP device may obtain its IP address from a DHCP server on the upstream link. Alternatively, you can assign a static IP address. The Connection Status field indicates whether the WAP is connected to the upstream WAP device. You can click the Refresh button to view the latest connection status.
WGB AP (the AP acting as a client to the upstream AP) retains its management IP address acquired from an upstream DHCP server even if it gets disassociated from the upstream AP.
Note Static WEP is applicable only when the radio is operating in legacy mode: 802.11a for 5 GHz radio and 802.11b/g for 2.4 GHz radio.