A workgroup bridge (WGB) is an Access Point (AP) mode to provide wireless connectivity to wired clients that are connected to the Ethernet port of the WGB AP. A WGB connects a wired network over a single wireless segment by learning the MAC addresses of its wired clients on the Ethernet interface and reporting them to the WLC through infrastructure AP using Internet Access Point Protocol (IAPP) messaging. The WGB establishes a single wireless connection to the root AP, which in turn, treats the WGB as a wireless client.

Universal WGB (uWGB) is a complementary mode of WGB feature that acts as a wireless bridge between the wired client connected to uWGB and wireless infrastructure including Cisco and non-Cisco wireless network. One of the wireless interface is used to connect with the access point. The radio MAC is used to associate AP.

Starting from Cisco IOS XE Dublin 17.11.1, WGB is supported on the Cisco Catalyst IW9167E Heavy Duty Access Points.

This section provides limitations and restrictions for WGB and uWGB modes.

• The WGB can associate only with Cisco lightweight access points. The universal WGB can associate to a third party access point.

• In a Meraki wireless infrastructure that uses WPA1 security, uWGB do not associate with any SSIDs.

• Speed and duplex are automatically negotiated based on the capabilities of the locally connected endpoint and cannot be manually configured on the AP’s wired 0 and wired 1 interfaces.

• Per-VLAN Spanning Tree (PVST) and packets are used to detect and prevent loops in the wired and wireless switching networks. WGB transparently bridge STP packets. WGB can bridge STP packets between two wired segments. Incorrect or inconsistent configuration of STP in the wired segments can cause WGB wireless link to be blocked by the connected switch(es) to Access Point or WGB. This could cause WGB to disconnect from AP or AP disconnection to Controller to drop, and wired clients not receiving IP addresses, as STP begins to block switch port in the wired network. If administrator needs to disable bridging of STP between the wired segments by the WGB, we recommend disabling the STP on the directly connected switches in the wireless network.

• The following features are not supported for use with a WGB:

  • Idle timeout

  • Web authentication

• With Layer 3 roaming, if you plug a wired client into the WGB network after the WGB has roamed to another controller (for example, to a foreign controller), the wired client’s IP address displays only on the anchor controller, not on the foreign controller.

• When you deauthenticate a WGB record from a controller, all of the WGB wired clients’ entries are also deleted.

• These features are not supported for wired clients connected to a WGB:

  • MAC filtering

  • Link tests

  • Idle timeout

• Associating a WGB to a WLAN that is configured for Adaptive 802.11r is not supported.

• WGB supports IPv6 only when IPv4 is enable. But there is no impact on WGB wired clients IPv6 traffic.

• WGB management IPv6 does not work after WGB uplink association is completed. WGB can get an IPv6 address when the association is successful. But IPv6 ping will not be passed from or to WGB. SSH from wireless or wired client to WGB management IPv6 is not working. The workaround to bypass the pingable issue is to re-enable IPv6, even though IPv6 has already been enabled and the IPv6 address has been assigned.

• uWGB mode does not support SSH connecting to itself.

• uWGB mode supports neither TFTP nor SFTP. For software upgrade, you should perform it from WGB mode. For more information, see uWGB Image Upgrade.

• uWGB does not support host IP service. Some functions, such as image upgrade via radio uplink and remote management via SSH session, are not supported.

• For IW9167EH WGB/uWGB mode, the packet retries [N] drop command does not work in IOS XE Release 17.11.1.

• DFS channels are supported on IW9167EH WGB/uWGB from Release 17.13.1.

• Only Dot11Radio 0 and Dot11Radio 1 interfaces can be used as wireless uplink on IW9167EH WGB/uWGB.

• When the infrastructure AP operates on a non-DFS (Dynamic Frequency Selection) channel and changes its channel bandwidth, the WGB stays connected to the infrastructure AP using the original channel bandwidth.

  To make sure the WGB connects to the AP with the correct channel bandwidth. Use wireless client mac-address <wgb-wireless-client-mac-address> deauthenticate command on the wireless controller to deauthenticate the WGB wireless client.

It is required to set a strong password for WGB/uWGB after first login. The username and strong password should follow these rules:

1. Username length is between 1 and 32 characters.

2. Password length is between 8 to 120 characters.

3. Password must contain at least one uppercase character, one lowercase character, one digit, and one punctuation.

4. Password can contain alphanumeric characters and special characters (ASCII decimal code from 33 to 126), but the following special characters are not permitted: " (double quote), ' (single quote), ? (question mark).

5. Password cannot contain three sequential characters.

6. Password cannot contain three same characters consecutively.

7. Password cannot be the same as or reverse of the username.

8. New password must have at least four different characters compared to the current password.

For example, by default, the credential is

• username: Cisco

• password: Cisco

• enable password: Cisco

To reset the credential with the following strong password:

• username: demouser

• password: DemoP@ssw0rd

• enable password: DemoE^aP@ssw0rd

User Access Verification
Username: Cisco
Password: Cisco

% First Login: Please Reset Credentials

Current Password:Cisco
Current Enable Password:Cisco
New User Name:demouser
New Password:DemoP@ssw0rd
Confirm New Password:DemoP@ssw0rd
New Enable Password:DemoE^aP@ssw0rd
Confirm New Enable Password:DemoE^aP@ssw0rd

% Credentials changed, please re-login

[*04/18/2023 23:53:44.8926] chpasswd: password for user changed
[*04/18/2023 23:53:44.9074]
[*04/18/2023 23:53:44.9074] Management user configuration saved successfully
[*04/18/2023 23:53:44.9074]


User Access Verification
Username: demouser
Password: DemoP@ssw0rd
APFC58.9A15.C808>enable
Password:DemoE^aP@ssw0rd
APFC58.9A15.C808#

Note	In above example, all passwords are displayed in plain text for demonstration purpose. In real case, they are hidden by asterisks (*).

For a WGB to join a wireless network, you need to configure specific settings on the WLAN and related policy profile on the controller.

Follow these steps to configure the Cisco Client Extensions option and set the support of Aironet IE in the WLAN:

1. Enter WLAN configuration submode. The profile-name is the profile name of the configured WLAN.

   #wlan profile-name

2. Configure the Cisco Client Extensions option and set the support of Aironet IE on the WLAN.

   #ccx aironet-iesupport

   Note	Without this configuration, WGB is not able to associate to AP.

Follow these steps to configure WLAN policy profile:

1. Enter wireless policy configuration mode.

   #wireless profile policy profile-policy

2. Assign the profile policy to the VLAN.

   #vlan vlan-id

3. Configure WGB VLAN client support.

   #wgb vlan

The typical WGB configuration involves the following steps:

1. Create an SSID profile.

2. Configure radio as workgroup, and associate the SSID profile to the radio.

3. Turn on the radio.

WGB uplink supports various security methods, including:

• Open (unsecured)

• PSK

• Dot1x (LEAP, PEAP, FAST-EAP, TLS)

Note

Ensure that the below configuration order is followed when EAP-TLS security is desired on the WGB: Configure the device username/password, NTP server, hostname, and valid IP address. Create trustpoints and import the certificates using your preferred method. (Optional) Configure the dot1x credentials. Create the EAP profile and map the method, trustpoint name and dot1x credentials (optional). Bind the EAP profile to the SSID profile. Bind the SSID profile to the preferred radio.

Note

If you make any modifications to the dot1x credential profile, trustpoint profile, or EAP profile, the changes do not take effect immediately. You must manually re-attach the EAP profile to the SSID profile for the changes to apply. Use configure ssid-profile <ssid_prof_name> ssid authentication eap profile <eap_prof_name> key-management <key_type> command to re-attach the EAP profile to the SSID profile. Device#configure ssid-profile <ssid_prof_name> ssid <ssid name> authentication eap profile <eap_prof_name> key-management <key_type>

The following is an example of Dot1x FAST-EAP configuration:

configure dot1x credential demo-cred username demouser1 password Dem0Pass!@
configure eap-profile demo-eap-profile dot1x-credential demo-cred
configure eap-profile demo-eap-profile method fast
configure ssid-profile demo-FAST ssid demo-fast authentication eap profile demo-eap-profile key-management wpa2
configure dot11radio 0 mode wgb ssid-profile demo-FAST
configure dot11radio 0 enable

The following sections provide detailed information about WGB configuration.

The universal WGB is able to interoperate with non-Cisco access points using uplink radio MAC address, thus the universal workgroup bridge role supports only one wired client.

Most WGB configurations apply to uWGB. The only difference is that you configure wired client’s MAC address with the following command:

configure dot11 <0|1 > mode uwgb <uwgb_wired_client_mac_address > ssid-profile <ssid-profile >

The following is an example of Dot1x FAST-EAP configuration:

configure dot1x credential demo-cred username demouser1 password Dem0Pass!@
configure eap-profile demo-eap-profile dot1x-credential demo-cred
configure eap-profile demo-eap-profile method fast
configure ssid-profile demo-FAST ssid demo-fast authentication eap profile demo-eap-profile key-management wpa2
configure dot11radio 0 mode uwgb fc58.220a.0704 ssid-profile demo-FAST
configure dot11radio 0 enable

The following sections provide detailed information about uWGB configuration.

To convert from WGB to uWGB, use the following command:

#configure dot11radio <0 |1 > mode uwgb <WIRED_CLIENT_MAC > ssid-profile <SSID_PROFILE_NAME >

To convert from uWGB to WGB, use the following command. This conversion involves a reboot of the AP.

#configure Dot11Radio 1 mode wgb ssid-profile <SSID_PROFILE_NAME>

 This command will reboot with downloaded configs.
 Are you sure you want continue? [confirm]

Two new LED patterns are added to IW9167EH WGB mode:

• When WGB is in disassociated state, the System LED is blinking RED.

• When WGB makes association to parent AP, System LED turns to solid GREEN.

In WGB field moving case deployment, you can manually set a transmission rate limit with High Throughput (HT) Modulation and Coding Scheme (MCS).

The following is an example to configure WGB to transmit with 802.11n HT m4. m5. rate:

Config dot11radio [1 |2 ] 802.11ax disable

Config dot11radio [1 |2 ] 802.11ac disable

Config dot11radio [1 |2 ] speed ht-mcs m4. m5.

WGB also supports to configure legacy rates.

• For 802.11b/g, the legacy rates are configured as following:

  configure dot11radio 0 speed legacy-rate
  1.0 Allow 1.0 Mb/s rate
  11.0 Allow 11.0 Mb/s rate
  12.0 Allow 12.0 Mb/s rate
  18.0 Allow 18.0 Mb/s rate
  2.0 Allow 2.0 Mb/s rate
  24.0 Allow 24.0 Mb/s rate
  36.0 Allow 36.0 Mb/s rate
  48.0 Allow 48.0 Mb/s rate
  5.5 Allow 5.5 Mb/s rate
  54.0 Allow 54.0 Mb/s rate
  6.0 Allow 6.0 Mb/s rate
  9.0 Allow 9.0 Mb/s rate
  basic-1.0 Require 1.0 Mb/s rate
  basic-11.0 Require 11.0 Mb/s rate
  basic-12.0 Require 12.0 Mb/s rate
  basic-18.0 Require 18.0 Mb/s rate
  basic-2.0 Require 2.0 Mb/s rate
  basic-24.0 Require 24.0 Mb/s rate
  basic-36.0 Require 36.0 Mb/s rate
  basic-48.0 Require 48.0 Mb/s rate
  basic-5.5 Require 5.5 Mb/s rate
  basic-54.0 Require 54.0 Mb/s rate
  basic-6.0 Require 6.0 Mb/s rate
  basic-9.0 Require 9.0 Mb/s rate
  default Set default legacy rates

• For 802.11a, the legacy rates are configured as following:

  configure dot11radio [1|2] speed legacy-rate
  12.0 Allow 12.0 Mb/s rate
  18.0 Allow 18.0 Mb/s rate
  24.0 Allow 24.0 Mb/s rate
  36.0 Allow 36.0 Mb/s rate
  48.0 Allow 48.0 Mb/s rate
  54.0 Allow 54.0 Mb/s rate
  6.0 Allow 6.0 Mb/s rate
  9.0 Allow 9.0 Mb/s rate
  basic-12.0 Require 12.0 Mb/s rate
  basic-18.0 Require 18.0 Mb/s rate
  basic-24.0 Require 24.0 Mb/s rate
  basic-36.0 Require 36.0 Mb/s rate
  basic-48.0 Require 48.0 Mb/s rate
  basic-54.0 Require 54.0 Mb/s rate
  basic-6.0 Require 6.0 Mb/s rate
  basic-9.0 Require 9.0 Mb/s rate
  default Set default legacy rates
  

Legacy rate is used by 802.11 management frame and control frame. WGB legacy rates should match AP's legacy rates, or at least, having overlap between these two rate sets. Otherwise, WGB association will be rejected due to mismatched rates.

To check WGB Tx MCS rate, use the debug wgb dot11 rate command. The following example shows the output of this command.

To help troubleshooting radio connection issues, use the following commands:

• #debug wgb dot11 rate

  #debug wgb dot11 rate
  [*03/13/2023 18:00:08.7814]                MAC    Tx-Pkts    Rx-Pkts                    Tx-Rate(Mbps)                    Rx-Rate(Mbps)  RSSI   SNR Tx-Retries
  [*03/13/2023 18:00:08.7814] FC:58:9A:17:C2:51          0          0       HE-20,2SS,MCS6,GI0.8 (154)       HE-20,3SS,MCS4,GI0.8 (154)   -30    62          0
  [*03/13/2023 18:00:09.7818] FC:58:9A:17:C2:51          0          0       HE-20,2SS,MCS6,GI0.8 (154)       HE-20,3SS,MCS4,GI0.8 (154)   -30    62          0
  

  In this example, FC:58:9A:17:C2:51 is the parent AP radio MAC.

• #show interfaces dot11Radio <slot-id > statistics

  #show interfaces dot11Radio 1 statistics
  Dot11Radio Statistics:
          DOT11 Statistics (Cumulative Total/Last 5 Seconds):
  RECEIVER                                TRANSMITTER
  Host Rx K Bytes:        965570/0        Host Tx K Bytes:       1611903/0
  Unicasts Rx:            379274/0        Unicasts Tx:           2688665/0
  Broadcasts Rx:         3166311/0        Broadcasts Tx:               0/0
  Beacons Rx:          722130099/1631     Beacons Tx:          367240960/784
  Probes Rx:           588627347/2224     Probes Tx:            78934926/80
  Multicasts Rx:         3231513/0        Multicasts Tx:           53355/0
  Mgmt Packets Rx:     764747086/1769     Mgmt Packets Tx:     446292853/864
  Ctrl Frames Rx:        7316214/5        Ctrl Frames Tx:              0/0
  RTS received:                0/0        RTS transmitted:             0/0
  Duplicate frames:            0/0        CTS not received:            0/0
  MIC errors:                  0/0        WEP errors:            2279546/0
  FCS errors:                  0/0        Retries:                896973/0
  Key Index errors:            0/0        Tx Failures:              8871/0
                                          Tx Drops:                    0/0
   
  Rate Statistics for Radio::
  [Legacy]:
  6 Mbps:
   Rx Packets:     159053/0            Tx Packets:      88650/0
                                       Tx Retries:       2382/0
  9 Mbps:
   Rx Packets:         43/0            Tx Packets:         23/0
                                       Tx Retries:         71/0
  12 Mbps:
   Rx Packets:          1/0            Tx Packets:        119/0
                                       Tx Retries:        185/0
  18 Mbps:
   Rx Packets:          0/0            Tx Packets:          5/0
                                       Tx Retries:        134/0
  24 Mbps:
   Rx Packets:        235/0            Tx Packets:      20993/0
                                       Tx Retries:       5048/0
  36 Mbps:
   Rx Packets:          0/0            Tx Packets:        781/0
                                       Tx Retries:        227/0
  54 Mbps:
   Rx Packets:        133/0            Tx Packets:       9347/0
                                       Tx Retries:       1792/0
   
  [SU]:
  M0:
   Rx Packets:          7/0            Tx Packets:          0/0
                                       Tx Retries:          6/0
  M1:
   Rx Packets:       1615/0            Tx Packets:      35035/0
                                       Tx Retries:       3751/0
  M2:
   Rx Packets:      15277/0            Tx Packets:     133738/0
                                       Tx Retries:      22654/0
  M3:
   Rx Packets:      10232/0            Tx Packets:       1580/0
                                       Tx Retries:      21271/0
  M4:
   Rx Packets:     218143/0            Tx Packets:     190408/0
                                       Tx Retries:      36444/0
  M5:
   Rx Packets:     399283/0            Tx Packets:     542491/0
                                       Tx Retries:     164048/0
  M6:
   Rx Packets:    3136519/0            Tx Packets:     821537/0
                                       Tx Retries:     329003/0
  M7:
   Rx Packets:    1171128/0            Tx Packets:     303414/0
                                       Tx Retries:     154014/0
   
   
   
  Beacons missed: 0-30s 31-60s 61-90s 90s+
                       2      0      0    0
  

• #show wgb dot11 uplink latency

  AP4C42.1E51.A050#show wgb dot11 uplink latency
  Latency Group Total Packets Total Latency Excellent(0-8) Very Good(8-16) Good (16-32 ms) Medium (32-64ms) Poor (64-256 ms) Very Poor (256+ ms)
          AC_BK             0             0              0               0               0                0                0                   0
          AC_BE          1840       4243793           1809              10              14                7                0                   0
          AC_VI             0             0              0               0               0                0                0                   0
          AC_VO            24         54134             24               0               0                0                0                   0
  

• #show wgb dot11 uplink

  AP4C42.1E51.A050#show wgb dot11 uplink
  
  HE Rates: 1SS:M0-11 2SS:M0-11 
  Additional info for client 8C:84:42:92:FF:CF
  RSSI: -24
  PS  : Legacy (Awake)
  Tx Rate: 278730 Kbps
  Rx Rate: 410220 Kbps
  VHT_TXMAP: 65530
  CCX Ver: 5
  Rx Key-Index Errs: 0
                mac     intf TxData TxUC TxBytes TxFail TxDcrd TxCumRetries MultiRetries MaxRetriesFail RxData RxBytes RxErr                 TxRt(Mbps)                 RxRt(Mbps)   LER PER stats_ago
  8C:84:42:92:FF:CF wbridge1   1341 1341  184032      0      0          543           96              0    317   33523     0 HE-40,2SS,MCS6,GI0.8 (309) HE-40,2SS,MCS9,GI0.8 (458) 27272   0  1.370000
  Per TID packet statistics for client 8C:84:42:92:FF:CF
  Priority Rx Pkts Tx Pkts Rx(last 5 s) Tx (last 5 s)
         0      35    1314            0             8
         1       0       0            0             0
         2       0       0            0             0
         3       0       0            0             0
         4       0       0            0             0
         5       0       0            0             0
         6     182      24            1             0
         7       3       3            0             0
  Rate Statistics:
  Rate-Index    Rx-Pkts    Tx-Pkts Tx-Retries
           0         99          3          0
           4          1          1          9
           5         21         39         35
           6         31        185         64
           7         26        124         68
           8         28        293         82
           9         77        401        151
          10         32        140         97
          11          2        156         37
  

For WGB field deployment, event logging will collect useful information (such as WGB state change and packets rx/tx) to analyze and provide log history to present context of problem, especially in roaming cases.

You can configure WGB trace filter for all management packet types, including probe, auth, assoc, eap, dhcp, icmp, and arp. To enable or disable WGB trace, use the following command:

#config wgb event trace {enable |disable }

Four kinds of event types are supported:

• Basic event: covers most WGB basic level info message

• Detail event: covers basic event and additional debug level message

• Trace event: recording wgb trace event if enabled

• All event: bundle trace event and detail event

The log format is [timestamp] module:level <event log string>.

When abnormal situations happen, the eventlog messages can be dumped manually to memory by using the following show command which also displays WGB logging:

#show wgb event [basic |detail |trace |all ]

The following example shows the output of show wgb event all:

APC0F8.7FE5.F3C0#show wgb event all
[*08/16/2023 08:18:25.167578] UP_EVT:4 R1 IFC:58:9A:17:B3:E7] parent_rssi: -42 threshold: -70
[*08/16/2023 08:18:25.329223] UP_EVT:4 R1 State CONNECTED to SCAN_START
[*08/16/2023 08:18:25.329539] UP_EVT:4 R1 State SCAN_START to STOPPED
[*08/16/2023 08:18:25.330002] UP_DRV:1 R1 WGB UPLINK mode stopped
[*08/16/2023 08:18:25.629405] UP_DRV:1 R1 Delete client FC:58:9A:17:B3:E7
[*08/16/2023 08:18:25.736718] UP_CFG:8 R1 configured for standard: 7
[*08/16/2023 08:18:25.989936] UP_CFG:4 R1 band 1 current power level: 1
[*08/16/2023 08:18:25.996692] UP_CFG:4 R1 band 1 set tx power level: 1
[*08/16/2023 08:18:26.003904] UP_DRV:1 R1 WGB uplink mode started
[*08/16/2023 08:18:26.872086] UP_EVT:4 Reset aux scan
[*08/16/2023 08:18:26.872096] UP_EVT:4 Pause aux scan on slot 2
[*08/16/2023 08:18:26.872100] SC_MST:4 R2 reset uplink scan state to idle
[*08/16/2023 08:18:26.872104] UP_EVT:4 Aux bring down vap - scan
[*08/16/2023 08:18:26.872123] UP_EVT:4 Aux bring up vap - serv
[*08/16/2023 08:18:26.872514] UP_EVT:4 R1 State STOPPED to SCAN_START
[*08/16/2023 08:18:26.8727091 SC_MST:4 R1 Uplink Scan Started.
[*08/16/2023 08:18:26.884054] UP_EVT:8 R1 CH event 149

Note	It might take a long time to display the show wgb event command output in console. Using ctrl+c to interrupt the printing will not affect log dump to memory.

The following clear command erases WGB events in memory:

#clear wgb event [basic |detail |trace |all ]

To save all event logs to WGB flash, use the following command:

#copy event-logging flash

The package file consists of four separate log files for different log levels.

You can also save event log to a remote server by using the following command:

#copy event-logging upload < tftp| sftp| scp>://A.B.C.D[/ dir][/ filename.tar.gz]

The following example saves event log to a TFTP server:

APC0F8.7FE5.F3C0#copy event-logging upload tftp://192.168.100.100/tftpuser/evtlog-2023-05-31_11:45:49.tar.gz
Starting upload of WGB config tftp://192.168.100.100/tftpuser/evtlog-2023-05-31_11:45:49.tar.gz ...
It may take a few seconds. If longer, please cancel command, check network and try again.
######################################################################## 100.0%
Config upload completed.

Note	While the copy event-logging upload < tftp| sftp| scp>://A.B.C.D[/ dir][/ filename.tar.gz] command remains supported. Starting from UIW Release 17.17.1, we recommend using the below transfer commands to obtain more comprehensive diagnostic information.

Use the below task to configure remote server and protocol type (TFTP or SFTP) on the WGB to collect and transfer event logs.

• Use the transfer upload mode{ ftp| tftp} command to select the protocol for log transfer.

  Device#transfer upload mode sftp

• If using SFTP, use the transfer upload username username password password to configure the username and password.

  Device#transfer upload username Cisco password Cisco123

• Use the transfer upload server-ip remote-server-ip to configure the remote server IP address.

  Device#transfer upload server-ip 192.168.71.11

• (Optional) Use the transfer upload server-ip remote-server-ip path remote-server-path to configure the remote server path.

  Device#transfer upload server-ip 192.168.71.11 path /upload/wgb

  Note	The above static configurations are persistent and will remain effective even after a device reload.

• Use the transfer upload start command to collect event logs and transfer them to the remote server.

  Device#transfer upload start

Once the remote server is configured, the device collects and transfers the following data:

• The device collects core files for troubleshooting purposes.

• It gathers syslog files to monitor system events and activities.

• The WGB or uWGB running configuration is retrieved for configuration backup.

• Radio reset history is recorded to identify potential connectivity issues.

• Event logging data is transferred to track system performance and incidents.

The aux-scan mode can be configured as either scanning only or handoff mode on WGB radio 2 (5 GHz) to improve roaming performance. When roaming is triggered, the WGB refers to the scanning table to find the best parent AP. The scanning table is updated using: radio 0 or radio 4 for 2.4 GHz, and radio 1 or radio 4 for 5 GHz.

• Overview of Scanning-Only Mode

• Configuring Scanning Only Mode

• Radio 4 as Scanning Only Mode

• Configuring Aux-Scan Handoff Mode

• Optimized Roaming with Dual-Radio WGB

One-to-one (1:1) Layer 2 NAT is a service that allows the assignment of a unique public IP address to an existing private IP address (end device), so that the end device can communicate with public network. Layer 2 NAT has two translation tables where private-to-public and public-to-private subnet translations can be defined.

In the industrial scenario where the same firmware is programmed to every HMI (customer machine, such as a Robot), firmware duplication across machines means IP address is reused across HMIs. This feature solves the problem of multiple end devices with the same duplicated IP addresses in the industrial network communicating with the public network.

The following table provides the commands to configure Layer 2 NAT:

The following table provides the show and debug commands to verify and troubleshoot your Layer 2 NAT configuration:

A typical deployment of WGB is that a single wired client connects directly to the WGB Ethernet port. As a result, wired client traffic must be on the same VLAN as the WGB (or WLC/AP/WGB) management VLAN. If you need the wired client traffic to be on a different VLAN other than the WGB management VLAN, you should configure native VLAN on the Ethernet port.

Note	Configuring native VLAN ID per Ethernet port is not supported. Both Ethernet ports share the same native VLAN configuration.

Note

When WGB broadcast tagging is enabled and a single wired passive client connects directly to the WGB Ethernet port, it may hit the issue that infrastructure DS side client fails to ping this WGB behind the passive client. The workaround is to configure the following additional commands: configure wgb ethport native-vlan enable and configure wgb ethport native-vlan id X, where X is the same VLAN as the WGB (or WLC/AP/WGB) management VLAN.

The following table provides the commands to configure native VLAN:

#config wgb ethport native-vlan enable

#config wgb ethport native-vlan id 2735

To verify your configuration, use the show wgb ethport config or show running-config command.

On day 0, you should assign proper country code to the WGB/uWGB with -ROW reg domain. WGB will load corresponding power table after rebooting.

To assign country code, use the following command:

#configure countrycode
  Supported ROW country codes:
  GB VN

  WORD  Select one of above ROW country codes.

Note	After the ROW country code is configured, if you want to change the configuration to another country, you need to perform a factory reset first, and then configure the new country code.

IW9167EH supports indoor deployment for -E domain and GB in -ROW domain .

For outdoor mode, the IW9167EH 5G radio supports channels 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140. When indoor deployment is enabled, 5G radio supports channels 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140.

To configure indoor mode, use the configure wireless indoor-deployment enable command.

To disable indoor mode, use the configure wireless indoor-deployment disable command.

#configure wireless indoor-deployment
  disable  Disable indoor deployment
  enable   Enable indoor deployment

You can check the indoor or outdoor mode by using the show controllers Dot11Radio [1|2] command. In the command output, "-Ei" means the indoor mode is enabled, and "-E" means indoor mode is disabled, as shown in the following examples. The CLI output also shows the supported channels.

#show controllers Dot11Radio [1|2]
…
Radio Info Summary:
=======================
Radio: 5.0GHz
Carrier Set: (-Ei)  ( GB )
Base radio MAC: FC:58:9A:15:B7:C0
Supported Channels:
36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140

#show controllers Dot11Radio [1|2]
…
Radio Info Summary:
=======================
Radio: 5.0GHz
Carrier Set: (-E)  ( GB )
Base radio MAC: FC:58:9A:15:B7:C0
Supported Channels:
100 104 108 112 116 120 124 128 132 136 140

Use the following command to configure the threshold duration and signal strength to trigger reconnecting. Default value is: period 20s and threshold -70db.

# configure wgb mobile period <time> <rssi-threshold>

Use the following command to configure beacon miss count to trigger reconnecting. Default value is 10.

# config wgb beacon miss-count <count>

Use the following command to configure max packet retry to trigger reconnecting. Default value is 64.

# configure wgb packet retries <retry-count>

Use the following command to configure the static roaming channel:

# configure wgb mobile station interface dot11Radio <slot_id> scan <channel_id> add

Use the following command to delete the mobile channel:

# configure wgb mobile station interface dot11Radio <slot_id> scan <channel_id> delete

Use the following command to scan all channels:

# configure wgb mobile station interface Dot11Radio 1 scan all

You can upload the working configuration of an existing WGB to a server, and then download it to the new deployed WGBs.

To upload the configuration to a server, use the following command:

#copy configuration upload <sftp:|tftp://> ip-address [directory] [file-name]

To download a sample configuration to all WGBs in the deployment, use the following command:

#copy configuration download <sftp:|tftp://> ip-address [directory] [file-name]

The access point will reboot after the copy configuration download command is executed. The imported configuration will take effect after the rebooting.

Use the show run command to check whether the AP is in WGB mode or uWGB mode.

• WGB:

  #show run
  AP Name              : APFC58.9A15.C808
  AP Mode              : WorkGroupBridge
  CDP State            : Enabled
  Watchdog monitoring  : Enabled
  SSH State            : Disabled
  AP Username          : admin
  Session Timeout      : 300
   
   
  Radio and WLAN-Profile mapping:-
  ====================================
  Radio ID    Radio Mode    SSID-Profile                    SSID
            Authentication
  --------------------------------------------------------------------------------
  --------------------------
  1           WGB           myssid                          demo
            OPEN
   
   
  Radio configurations:-
  ===============================
  Radio Id             : NA
     Admin state       : NA
     Mode              : NA
  Radio Id             : 1
     Admin state       : DISABLED
     Mode              : WGB
     Dot11 type        : 11ax
  Radio Id             : NA
     Admin state       : NA
     Mode              : NA
   

• uWGB:

  #show run
  AP Name              : APFC58.9A15.C808
  AP Mode              : WorkGroupBridge
  CDP State            : Enabled
  Watchdog monitoring  : Enabled
  SSH State            : Disabled
  AP Username          : admin
  Session Timeout      : 300
   
   
  Radio and WLAN-Profile mapping:-
  ====================================
  Radio ID    Radio Mode    SSID-Profile                    SSID
            Authentication
  --------------------------------------------------------------------------------
  --------------------------
  1           UWGB          myssid                          demo
            OPEN
   
   
  Radio configurations:-
  ===============================
  Radio Id             : NA
     Admin state       : NA
     Mode              : NA
  Radio Id             : 1
     Admin state       : DISABLED
     Mode              : UWGB
     Uclient mac       : 0009.0001.0001
     Current state     : WGB
     UClient timeout   : 0 Sec
     Dot11 type        : 11ax
  Radio Id             : NA
     Admin state       : NA
     Mode              : NA
  

Use the show wgb dot11 associations command to verify the configuration of WGB and uWGB.

• WGB:

  #show wgb dot11 associations
  Uplink Radio ID : 1
  Uplink Radio MAC : 00:99:9A:15:B4:91
  SSID Name : roam-m44-open
  Parent AP Name : APFC58.9A15.C964
  Parent AP MAC : 00:99:9A:15:DE:4C
  Uplink State : CONNECTED
  Auth Type : OPEN
  Dot11 type : 11ax
  Channel : 100
  Bandwidth : 20 MHz
  Current Datarate (Tx/Rx) : 86/86 Mbps
  Max Datarate : 143 Mbps
  RSSI : 53
  IP : 192.168.1.101/24
  Default Gateway : 192.168.1.1
  IPV6 : ::/128
  Assoc timeout : 100 Msec
  Auth timeout : 100 Msec
  Dhcp timeout : 60 Sec

• uWGB:

  #show wgb dot11 associations
  Uplink Radio ID : 1
  Uplink Radio MAC : 00:09:00:01:00:01
  SSID Name : roam-m44-open
  Parent AP MAC : FC:58:9A:15:DE:4C
  Uplink State : CONNECTED
  Auth Type : OPEN
  Uclient mac : 00:09:00:01:00:01
  Current state : UWGB
  Uclient timeout : 60 Sec
  Dot11 type : 11ax
  Channel : 36
  Bandwidth : 20 MHz
  Current Datarate (Tx/Rx) : 77/0 Mbps
  Max Datarate : 143 Mbps
  RSSI : 60
  IP : 0.0.0.0
  IPV6 : ::/128
  Assoc timeout : 100 Msec
  Auth timeout : 100 Msec
  Dhcp timeout : 60 Sec

Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language that is used for monitoring and managing devices in a network.

WGBs provide network administrators with an SNMP interface, allowing them to poll various states and counters. This enables administrators to easily monitor the health of their WGBs in the field.

By default, SNMP is disabled.

The SNMP framework has the following components, which are as follows.

• SNMP Manager : The Simple Network Management Protocol (SNMP) manager is a system that controls and monitors the activities of network hosts using SNMP. The most common managing system is a network management system (NMS). The term NMS can be applied either to a dedicated device used for network management or to the applications used on such a device.

• SNMP Agent: The Simple Network Management Protocol (SNMP) agent is the software component within a managed device that maintains the data for the device and reports this data, as needed, to managing systems.

• SNMP MIB: An SNMP agent contains MIB variables, whose values the SNMP manager can request or change through Get or Set operations. A manager can get a value from an agent or store a value in that agent. The agent gathers data from the SNMP MIB, the repository for information about device parameters and network data. The agent can also respond to manager requests to get or set data.

The following illustration shows the SNMP process. SNMP agent receives a request from SNMP client, and it passes the request to the subagent. The subagent then returns a response to the SNMP agent and the agent creates an SNMP response packet and sends the response to the remote network management station that initiated the request.

Starting from Cisco Unified Industrial Wireless Software Release 17.14.1, WGB allows you to classify different packets from two wired ports and mark them to the different access control driver queues according to the user configuration.

In addition to TCP or UDP, WGB also supports ethertype-based and DSCP-based classification. To meet the jitter and latency requirement, the WGB must classify packets and assign them to different access control queues based on the field environment.