Cisco 2800/3800 AP as WGB

21-7-2020 Wireless Mrn-cciew 1719

Cisco enabled WGB feature on Wave2 APs (only for 2800/3800/1560 series) from AireOS 8.8.x release onward. Traditionally WGB feature supported only on Autonomous mode in IOS based APs. There are not autonomous images available for COS based APs (Click OS APs – 1800/2800/3800/4800).
In this post, we will configure 3802 as WGB with 802.1X (PEAP). Here is the topology for this post. 802.1X SSID configured with Central switching. WGB and wired client behind it get IP addresses via DHCP from the central site (192.168.99.x/24)

Here is the 3802 image version being used in this testing.
AP3802# show version
cisco AIR-AP3802I-Z-K9 ARMv7 Processor rev 1 (v7l) with 1028252/557172K bytes of memory.
Processor board ID FGL2201A3U2
AP Running Image : 8.10.122.0
Primary Boot Image : 8.10.122.0
Backup Boot Image : 8.10.121.0
.
Radio Driver version : 9.0.5.5-W8964
Radio FW version : 9.1.8.1
NSS FW version : 2.4.28
If you follow my previous post on WGB with PEAP on Autonomous AP, you see config steps are shown below

Configure a Trust Point on AP
crypto pki trustpoint MRN_TRUST
enrollment terminal
subject-name CN=WGB
revocation-check none
rsakeypair WGB 2048

Upload Root CA for configured Trust Point
WGB# crypto pki authenticate MRN_TRUST
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
-----BEGIN CERTIFICATE-----
.
.
-----END CERTIFICATE-----
quit

Configure 802.X credential profile
dot1x credentials MRN-CRD
username xxx
password xxxx
pki-trustpoint MRN_TRUST

Configure EAP Profile
eap profil e MRN-PRO
method peap

Configure SSID and map EAP/802.1X Profile
dot11 ssid mrn-wpa2e
authentication open eap MRN_TRUST
authentication key-management wpa version 2
dot1x credentials MRN-CRD
dot1x eap profile MRN-PRO
infrastructure-ssid

Change Radio station-role to WGB and assign SSID
interface Dot11Radio1
encryption mode ciphers aes-ccm
ssid mrn-wpa2e
station-role workgroup-bridge

Before you configure WGB settings on 3802, you have to change AP mode to WGB. AP will be reloaded & then you can configure WGB specific configurations.
AP3802>enable
AP3802#ap-type ?
capwap Switch to CAPWAP AP type
cloud Switch to cloud AP type
mobility-express Switch to Mobility Express AP type
workgroup-bridge Switch to Workgroup Bridge(WGB) AP type

AP3802# ap-type workgroup-bridge
WGB is a wireless client that serve as nonroot ap for wired clients.
AP is the Master/CAPWAP AP, system will need a reboot when ap type is changed to
WGB. Do you want to proceed? (y/N):...
Read The Rest

Related News


Top