Manage the Workgroup Bridges through Web UI

Workgroup Bridge

Workgroup Bridge (WGB) is an Access Point (AP) mode that:

  • provides wireless connectivity to wired clients that are connected to the Ethernet port of the WGB AP,

  • connects a wired network to a wireless segment by learning wired clients' MAC addresses on the Ethernet interface and reporting them to the wireless controller using Internet Access Point Protocol (IAPP) messages through an infrastructure AP, and

  • establishes a single wireless connection to the root AP, which in turn, treats the WGB as a wireless client.

For more details on WGB, see the chapter WGB.

Table 1. Feature History Table

Feature

Release Information

Feature Description
Manage the Workgroup Bridges through Web UI IOS XE 17.18.1

This feature enables you to configure the IW916X WGB through the Web UI.

Cisco Web UI is a browser-based graphical user interface (GUI) that simplifies device setup, monitoring, and troubleshooting, making it particularly helpful for users unfamiliar with the Command-Line Interface (CLI).

Access the Cisco Workgroup Bridge Web UI

This procedure describes how to access the Cisco Workgroup Bridge (WGB) Web UI dashboard by connecting a wired client, verifying connectivity, and logging in with the appropriate credentials.

Before you begin

  • Ensure your WGB switch has a wired client and is reachable on the 192.168.0.x network.

  • Configure the wired client and switch to access the Cisco WGB Web UI at its default IP address (192.168.0.10).

  • Perform these steps to access the Cisco WGB Web UI dashboard.

Procedure

Step 1

Access the Cisco WGB Web UI using a browser. Enter the IP address 192.168.0.10. Log in with the default credentials:

  • username—Cisco

  • password—Cisco

The Cisco WGB Web UI redirects you to its homepage. Ensure that the wired client and the Cisco WGB switch are on the 192.168.0.x network by verifying the client IP address.

Step 2

Ping 192.168.0.10 from the client to verify connectivity.

Step 3

Update the explicit login credentials.

Step 4

Log in using the new credentials to access the Cisco WGB Web UI.

Monitor the client details and configurations

You can track live activity and device connectivity to troubleshoot issues and ensure a seamless network. Monitor client details, such as MAC address, IP address, VLAN information, port, and last heard time (in seconds), to achieve this.

This procedure describes how to monitor client details.

Procedure

Step 1

From Cisco WGB Web UI, choose Monitor to view the client details.

Step 2

Choose a number from the Items per page drop-down to set how many client entries appear on each page.

Configure and authenticate wireless profiles

A wireless profile is a pre-configured set of network settings that enables devices to connect to a wireless network automatically and securely.

  • Allows devices to connect automatically without manual reconfiguration.

  • Stores network details such as SSID, security type, encryption method, and passphrase.

  • Minimizes credential entry errors and ensures secure, consistent connections.

  • Simplifies distribution and management of network settings across multiple devices.

  • Enables easy switching between saved networks (for example, home, office, or public Wi-Fi).

Configuring secure wireless access using 802.1X authentication

To configure secure wireless access using 802.1X authentication, complete these tasks:

Create a WLAN

This procedure describes how to create a WLAN.

You can create Wireless Local Area Network (WLAN) to provide wireless connectivity within a specific area, enabling devices to connect to the network without physical cables. WLANs enhance mobility by allowing users to move freely within the network's coverage area while maintaining connectivity. They reduce the need for extensive cabling, simplifies setup, and lower costs.

Before you begin

Configure Extensible Authentication Protocol (EAP), if you access multiple SSID.

Procedure

Step 1

Choose Profile > WLAN .

Step 2

Click Create .

Step 3

Select Authentication in WLAN Profile Configurations .

The Authentication types are:

  • Open : It provides access to networks without a password.

  • OWE : Opportunistic Wireless Encryption (OWE) provides automatic encryption for open networks without a password.

  • PSK : Pre-Shared Key (PSK) secures networks using a shared password for authentication and encryption.

  • SAE : Simultaneous Authentication of Equals (SAE) secures networks with strong password-based authentication and encryption.

  • EAP : Extensible Authentication Protocol (EAP) supports various authentication methods.

    You can configure EAP in WLAN either in Default EAP Profile or EAP Profile List . For details on EAP Profile configuration, see Create EAP profile .

    To select the EAP Profile List , you need to provide t Username , Password , and Key Management information. For more details, see Map EAP profile to SSID .

Step 4

Update the required Key Management details based on Authentication .

The Key Management types are:

  • dot11r : 802.11r (Fast Transition)

  • dot11w : 802.11w (Protected Management Frames)

  • WPA2 : secures Wi-Fi with AES encryption.

  • WAP3 : enhances Wi-Fi with stronger encryption and password security.

Step 5

Click Update & apply to device .

Create 802.1X profile

You can use a 802.1X Profile to define authentication settings for IEEE 802.1X, enabling secure, controlled, and authenticated network access for users and devices.

Perform these steps to create 802.1X profile.

Procedure

Step 1

Choose Profile > EAP.

Step 2

Click Create in DOT1x PROFILE area.

Step 3

Enter Dot1x Profile Name, Username and Password.

Step 4

Click Update & Apply to Device.

EAP profiles and SSID maps

You can use EAP profiles to define secure authentication methods (example: Protected Extensible Authentication Protocol (PEAP), Extensible Authentication Protocol - Transport Layer Security (EAP-TLS)) for validating users or devices on a wireless network. Similarly, you can configure SSID maps to associate network names (SSIDs) with specific policies, VLANs, or EAP profiles. Together, they ensure secure access, proper segmentation, and efficient network management.

Create EAP profile

To securely authenticate users and devices in networks, EAP is required as it provides robust access control and data protection. EAP is essential for IIoT ecosystems that require scalable and secure device authentication. It offers flexibility and multiple authentication methods, which are critical for network security and safeguarding sensitive data.

Before you begin
Configure 802.1x profile. For more details see, Create 802.1X profile.

Perform these steps to create EAP profile.

Procedure

Step 1

Choose Profile > EAP.

Step 2

Click Create in EAP PROFILE area.

Step 3

Update the Profile Name, EAP Method and Dot1x Credential Profile in EAP Profile Configurations .

Step 4

Click Update & Apply to Device.

Map EAP profile to SSID

Mapping the Extensible Authentication Protocol (EAP) to an Service Set Identifier (SSID) provides secure and authenticated access for devices connecting to the wireless network.

Perform these steps to map EAP profile to SSID.

Procedure

Step 1

Choose Profile > WLAN.

Step 2

Click Create.

Step 3

Update Profile Name and DTIM Period.

Step 4

Select EAP in Authentication.

Step 5

Select the Profile Name provided while creating the EAP in EAP Profile from the drop-down.

Step 6

Select Key Management from the drop-down.

Step 7

Click Update & apply to device.

Configure a static route for NAT wired client access to the WebUI in uWGB mode

This procedure describes how to configure a static route for NAT wired client access to the WebUI in uWGB mode.

You can add a route to the NAT wired client to access the WebUI in uWGB mode via private LAN port.

Run these commands on the Linux client.

Procedure

Step 1

sudo ifconfig ens192 172.16.1.10 netmask 255.255.255.0

ens192 —NAT wired client interface.

172.16.1.10 —IP address of NAT wired client.

Step 2

sudo ip route add 172.16.1.0/24 dev ens192

Step 3

sudo ip route add 192.168.109.0/24 via 172.16.1.11 dev ens192

The Cisco WGB Web UI for uWGB can be accessed from the NAT wired client.

172.16.1.11 —Configure WGB LAN port in WLAN > Radio Configuration > uWGB mode > NAT .

192.168.109.0 —Outside network IP address.

After configuring uWGB mode, access the Cisco WGB Web UI using the IP address 172.16.1.11 from the NAT wired client.

Create a NAT rule to access uWGB mode. For details on NAT rules creation, see Create NAT rules .

Configure WGB and uWGB radio modes

The radio mode on the Cisco IoT Workgroup Bridge (IW916x) can be configured to operate in one of two distinct modes: WGB or uWGB. The mode selection depends on the type of Root Access Point (RAP) in the network infrastructure and is designed to ensure compatibility and seamless connectivity.

  • WGB mode: Standard Workgroup Bridge operation for connecting non-wireless devices to a wireless network.

  • uWGB mode: Universal Workgroup Bridge operation for enhanced compatibility with specific network infrastructures.

Configure the radio in WGB mode

This procedure describes how to configure WGB mode.

You can optimize network configurations and improve operational efficiency by switching to WGB mode. In this mode, the WGB uses Cisco's proprietary protocol extensions for enhanced performance and features. This mode is ideal for Cisco infrastructure deployments. If the Root Access Point (RAP) is a Cisco Access Point, setting the Radio Mode to WGB enables full use of Cisco-specific enhancements.

Procedure

Step 1

From Cisco WGB Web UI, choose Network .

Step 2

Select a desired radio from the list of available Wireless Interface .

Step 3

Select WGB in Radio Mode > Radio Configurations .

The radio modes can be changed to any mode like WGB , uWGB , Root AP or Scan mode.

Configure uWGB mode on the radio

This procedure describes how to configure the device to operate in uWGB mode for interoperability in mixed-vendor environments and to access or manage the WebUI in uWGB mode.

You can optimize network configurations and enhance operational efficiency by switching to uWGB mode. In this mode, the WGB uses standard protocols to provide universal compatibility. This functionality allows seamless integration with non-Cisco Access Points (APs). This mode ensures interoperability in mixed-vendor environments. Setting the Radio Mode to uWGB provides universal compatibility and reliable connectivity if the Root Access Point (RAP) is a non-Cisco AP.

Once configuration is complete, use the WGB private LAN port address of the NAT wired client to access the WebUI in uWGB mode. For more details about NAPT on uWGB, refer to NAPT on uWGB .

Before you begin

To access or manage the WebUI in uWGB mode, configure the device with Network Address port translation (NAPT).

Procedure

Step 1

From Cisco WGB Web UI, choose Network .

Step 2

Select a desired radio from the list of available Wireless Interface .

Step 3

Select uWGB in Radio Mode > Radio Configurations .

The radio modes can be changed to any mode like WGB , uWGB , Root AP or Scan mode.

Step 4

Choose Radio MAC from drop-down.

Enter client MAC.

Step 5

Choose NAT Status from NAT drop-down.

Step 6

Enter the IP address of the NAT wired client in the Local IPv4 field to access the web UI.

Step 7

Click Update & apply to device .

Set IP address

The IP address used for accessing Cisco WGB Web UI can be set as either static or through DHCP to enhance the operational efficiency. With this approach, you can switch from static IP to dynamic IP and dynamic IP to static IP.

Switch from static IP to dynamic IP

This procedure describes how to change a static IP address to a dynamic IP address.

You can switch from a static IP to dynamic IP allocation to enable automatic IP address assignment. This change simplifies network management by removing the need for manual configuration and by reducing the risk of IP conflicts. It also helps conserve IP resources, as addresses are assigned dynamically only when devices are connected.

Procedure

Step 1

Choose Network > Management Interface .

Step 2

Select auxiliary-client .

Step 3

Change Static to DHCP from IPv4 Type drop-down.

Step 4

Click Update & apply to device .

Switch from dynamic IP to static IP

This procedure describes how to change a dynamic IP address to a static IP address.

You can switch from dynamic IP to static IP allocation to assign a fixed IP address to a device. This ensures consistent network identification, improves reliability for devices like servers or printers, and simplifies tasks such as port forwarding or troubleshooting by keeping the IP address unchanged.

Procedure

Step 1

Choose Network > Management Interface.

Step 2

Select auxiliary-client in Interface .

Step 3

Change DHCP to Static in the IPv4 Type drop-down.

Step 4

Update:

  • Static IP Address : specify the manually assigned IP.

  • Network Mask : specify the network and host portions of an IP address.

  • Gateway IP : specify the IP address of the router that interconnects networks.

  • DNS1 IP : specify the IP address of the primary DNS server.

Modify the RSSI threshold

This procedure describes how to modify the RSSI threshold.

The Received Signal Strength Indicator (RSSI) measures the power of a wireless signal and is used to evaluate connection quality and strength in wireless networks.

You can set an RSSI threshold to define the minimum signal strength required for maintaining a reliable and optimal wireless connection.

Procedure

Step 1

Choose Network .

Step 2

Choose the desired Radio Type in the Wireless Interface .

Step 3

Choose Mobility and RSSI threshold to optimize wireless network performance and ensure seamless connectivity for devices.

Step 4

Select Advanced in Radio Configurations .

Step 5

Update RSSI Threshold from drop-down in the Mobility.

The RSSI Threshold values are:

  • -30 dBm to -50 dBm: Excellent signal strength (ideal for most applications).

  • -50 dBm to -60 dBm: Good signal strength (suitable for reliable connectivity).

  • -60 dBm to -70 dBm: Fair signal strength (may experience minor connectivity issues).

  • -70 dBm to -80 dBm: Weak signal strength (likely to experience performance issues).

  • Less than -80 dBm: Very poor signal strength (connectivity may fail or be highly unreliable).

The default RSSI threshold value is -70 dBm.

Step 6

Modify these parameters in the Antenna drop-down to optimize signal strength, quality, coverage, and performance in wireless networks:

  • Antenna Number : optimizes signal reception and coverage.

  • Antenna Gain : measured in dBi, indicates an antenna's ability to focus signals, with higher values signifying stronger, more directional transmission.

    In Antenna Gain field, you can:

    • Enter a value

    • Use the in-field arrows to select a value.

    Values range from 2 dBi to 12 dBi.

  • Tx Power : maintains signal quality without interference.

    Values range from 1 dBm to 30 dBm.

  • Spatial Stream : Improves throughput and performance.

    Values range from 1 to 8.

Create NAT rules

This procedure describes how to create NAT rules.

You can use Network Address Translation (NAT) rules to convert private IP addresses into a single public IP address, allowing multiple devices on your network to share one public IP for internet access. This helps conserve public IP addresses and improves security by hiding internal IPs from external networks.

NAT also lets you set rules to control and manage traffic, guaranteeing only authorized data flows between your private and public networks, making it an essential tool for efficient and secure network management.

Procedure

Step 1

From Network page, choose the desired uplink radio in Wireless Interface .

Step 2

Set the NAT Outside Port Min and NAT Outside Port Max values in Radio Configurations > NAT .

Both NAT Outside Port Min and NAT Outside Port Max values for NAT port ranges must fall within the range of 1 to 65535.

Step 3

From Cisco WGB Web UI, choose Advance > NAT .

Step 4

Click Create and update these values:

  • Global port: Specify 443 as the external (public-facing) port for communication.

  • Local IP: Specify the internal (private) IP address of the device being mapped.

  • Local Port: Specify the type of traffic, such as TCP or UDP, to be translated.

  • Traffic Type: Specify the type of traffic, such as TCP or UDP, to be translated.

Step 5

Click Update & Apply to Device .

Manage firmware images

You can efficiently maintain and update device operations by reloading images, activating backups, performing factory resets, upgrading firmware, or importing and exporting configurations.

Reload the firmware image

This procedure describes how to reload the currently running firmware image.

You can reload the currently running firmware image to apply changes or address potential software issues.

Procedure

Step 1

Choose Administration > Firmware .

Step 2

Click Reboot in Running Software .

Load a backup image

This procedure describes how to load the back up firmware image.

You can load a backup image to restore the device to a previous stable state or recover from firmware-related issues.

Procedure

Step 1

Choose Administration > Firmware .

Step 2

Click Activate in Backup Software .

Perform a factory reset

This procedure describes how to factory reset the device.

You can perform a factory reset to restore the device to its default settings, clearing all configurations and customizations.

Procedure

Step 1

Choose Administration > Firmware .

Step 2

Click Clear Configuration .

Note

 

After selecting Clear Configuration , the WGB goes to Day 0 scenario.

Upgrade the firmware image

This procedure describes how to upgrade the currently running firmware image.

You can upgrade the firmware image to access new features, enhancements, or bug fixes for improved device performance.

Procedure

Step 1

Choose Administration > Firmware > Browse .

Step 2

Select the required image.

Step 3

Click Upgrade and wait for 180 seconds for the image to reboot and open the Web UI.

Import or export a configuration file

This procedure describes how to import or export a configuration file.

You can import or export a configuration file to back up current settings or to restore settings when needed.

Procedure

Step 1

Choose Administration > Configurations.

Step 2

Click View detail to check the current configurations in Cisco WGB.

Step 3

Click Download to download the configuration.

Step 4

Upload the desired configuration to import it later when needed.

Step 5

Click Upload & Apply .

Note

 

The desired configuration file must be of .txt format only.

When you download the configuration, the file is saved to your browser.