Introduction

This document provides information about Workgroup Bridge (WGB) and Universal WGB mode that are supported on the Cisco Industrial Wireless Cheetah OS (COS) based access points.


Note

The documentation set for this product strives to use bias-free language. For purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product.

Overview of Workgroup Bridge

A workgroup bridge (WGB) is a Cisco access point that can be configured in a mode that permits it to associate with a wireless infrastructure, providing network access on behalf of wired clients. It is also called as a wireless bridge.


Note

This document only covers WGB mode on the Cheetah OS (COS) APs.

A Cisco WGB provides information about its wired clients via Internet Access Point Protocol (IAPP) messaging. This enables the wireless infrastructure to know the MAC addresses of the WGB’s wired clients. Up to 20 wired clients are supported behind a Cisco WGB.

Figure 1. WGB Example

  • The following authentication modes are supported for use with a WGB:

    Open, PSK, dot1X (including LEAP, PEAP, FAST, TLS)

  • Wired clients connected to the WGB are not authenticated for security. Instead, the WGB is authenticated against the access point to which it associates. Therefore, we recommend that you physically secure the wired side of the WGB.

  • Wired clients connected to a WGB inherit the WGB’s QoS and AAA override attributes.

  • To enable the WGB to communicate with the lightweight access point, create a WLAN and make sure that Aironet IE is enabled. To associate to a Cisco AP, make sure that Aironet IE is enabled on the controller.

Overview of Universal WGB

Universal WGB (uWGB) is a complementary mode of WGB feature that acts as a wireless bridge between the wired client connected to uWGB and wireless infrastructure including Cisco and non-Cisco wireless network. One of the wireless interface is used to connect with the access point. The radio MAC is used to associate AP.

The uWGB mode only supports bridge assigned MAC address wired client to AP or Controller network. When the WGB device is in uWGB mode, only one wired client can be connected behind it. The uWGB mode does not support multiple VLANs.

Supported Platforms

The WGB and uWGB configurations discussed in this document are supported on the following Cheetah (COS) based access points:

  • Cisco Catalyst IW6300 Heavy Duty Series and 6300 Series Embedded Services Access Points

  • Cisco Wide Pluggable Form Factor WIFI6 AP Module

Cisco Catalyst IW6300 Heavy Duty Series and 6300 Series Embedded Services Access Points

Designed for the most hazardous industrial locations, Cisco Catalyst IW6300 Heavy Duty Access Points (hereafter called IW6300) deliver wireless connectivity, IoT control, and robust data collection to dangerous environments. With 802.11ac Wave 2 connectivity, dual Power over Ethernet Plus (PoE+) out for IoT sensors or peripherals, multiple power-in sources, and a variety of uplink options, the IW6300 is a flexible wireless solution today’s dynamic industry landscape requires.

Cisco 6300 Series Embedded Services Access Points (hereafter called ESW6300) integrate wireless mesh networking into heavy-industry and smart-city assets, and provides a dependable and secure connectivity solution in almost any work environment.

The IW6300 and ESW6300 access points can operate in the following modes:

  • Unified mode

    • Local

    • Flexconnect

    • Bridge

    • Flexconnect with Bridge

    • Sniffer

  • Workgroup Bridge

This document covers only Workgroup Bridge (WGB) configuration.

For more information about IW6300 and ESW6300 access points, see https://www.cisco.com/c/en/us/support/wireless/industrial-wireless-6300-series/series.html.

Cisco Wide Pluggable Form Factor WIFI6 AP Module

The Cisco Wide Pluggable Form Factor WIFI6 AP Module (Cisco PID: WP-WIFI6-x) is a pluggable 802.11ax module for industrial routers. This ruggedized wide pluggable module provides the latest Wi-Fi technology and is compatible with the latest wireless controllers from Cisco. The module can run in Control and Provisioning of Wireless Access Points (CAPWAP) mode and Embedded Wireless Controller (EWC) mode, as well as Work Group Bridge (WGB) mode.

This document covers only WGB and uWGB mode configurations.


Note

WP-WiFi6 supports uWGB mode from Cisco IOS XE Release 17.8.1.

For more information on configuring this module, see https://www.cisco.com/c/en/us/td/docs/routers/access/IR1800/software/b-cisco-ir1800-scg/m-wifi.html.

Limitations and Restrictions

This section provides limitations and restrictions for WGB and uWGB modes.

  • The WGB can associate only with Cisco lightweight access points. The universal WGB can associate to a third party WGB.

  • Per-VLAN Spanning Tree (PVST) and packets are used to detect and prevent loops in the wired and wireless switching networks. WGB transparently bridge STP packets. WGB can bridge STP packets between two wired segments. Incorrect or inconsistent configuration of STP in the wired segments can cause WGB wireless link to be blocked by the connected switch(es) to Access Point or WGB. This could cause WGB to disconnect from AP or AP disconnection to Controller to drop, and wired clients not receiving IP addresses, as STP begins to block switch port in the wired network. If administrator needs to disable bridging of STP between the wired segments by the WGB, we recommend disabling the STP on the directly connected switches in the wireless network.

  • The following features are not supported for use with a WGB:

    • Idle timeout

    • Web authentication

  • With Layer 3 roaming, if you plug a wired client into the WGB network after the WGB has roamed to another controller (for example, to a foreign controller), the wired client’s IP address displays only on the anchor controller, not on the foreign controller.

  • When you deauthenticate a WGB record from a controller, all of the WGB wired clients’ entries are also deleted.

  • These features are not supported for wired clients connected to a WGB:

    • MAC filtering

    • Link tests

    • Idle timeout

  • Associating a WGB to a WLAN that is configured for Adaptive 802.11r is not supported.

  • PoE Out is not supported for WGB mode on IW6300 and ESW6300 access points.

  • WGB supports IPv6 only when IPv4 is enable. But there is no impact on WGB wired clients IPv6 traffic.

  • WGB management IPv6 does not work after WGB uplink association is completed. WGB can get an IPv6 address when the association is successful. But IPv6 ping will not be passed from or to WGB. SSH from wireless or wired client to WGB management IPv6 is not working. The workaround to bypass the pingable issue is to re-enable IPv6, even though IPv6 has already been enabled and the IPv6 address has been assigned.

  • uWGB mode does not support SSH connecting to itself.

  • uWGB mode does not support TFTP or SFTP upgrade image. The workaround is to convert uWGB mode to CAPWAP AP or WGB mode connected with Cisco AP to upgrade the image.

  • uWGB does not support host IP service. Some functions, such as image upgrade via radio uplink and remote management via SSH session, are not supported.