- Preface
- 1 Overview of Access Point Features
- 2 Using the Web-Browser Interface
- 3 Using the Command-Line Interface
- 4 Configuring the Access Point for the First Time
- 5 Administrating the Access Point
- 6 Configuring Radio Settings
- 7 Configuring Multiple SSIDs
- 8 Configuring Spanning Tree Protocol
- 9 Configuring an Access Point as a Local Authenticator
- 10 Configuring WLAN Authentication and Encryption
- 11 Configuring Authentication Types
- 12 Configuring Other Services
- 13 Configuring RADIUS and TACACS+ Servers
- 14 Configuring VLANs
- 15 Configuring QoS
- 16 Configuring Filters
- 17 Configuring CDP
- 18 Configuring SNMP
- 19 Configuring Repeater and Standby Access Points and Workgroup Bridge Mode
- 20 Managing Firmware and Configurations
- 21 Configuring SCEP
- 22 Configuring LLDP
- 23 Configuring L2TPv3 Over UDP/IP
- 24 Configuring Ethernet over GRE
- 25 Configuring System Message Logging
- 26 Troubleshooting
- 27 Miscellaneous AP-Specific Configurations
- APPENDIX A Protocol Filters
- APPENDIX B Supported MIBs
- APPENDIX C Error and Event Messages
- Cisco Aironet 700W Series
- Cisco Aironet 1570 Series
- Cisco IW3702 Access Point
Miscellaneous AP-Specific Configurations
This chapter contains miscellaneous configurations that are specific to certain access points.
Cisco Aironet 700W Series
Using the LAN ports on 700W APs
The Cisco Aironet 700W series access points have one 10/100/1000BASE-T PoE Uplink/WAN port and four 10/100/1000BASE-T RJ-45 local Ethernet ports for wired device connectivity. The fourth port functions as a PoE-Out port when the AP is powered by 802.3at Ethernet switch, Cisco power injector AIR-PWRJ4=, or Cisco Power Supply.
By default, all four local Ethernet ports are disabled. You can be enable them when required.
You can also configure the local Ethernet ports to a VLAN ID using the interface configuration command, vlan vlan-id.
Enable LAN ports on 702W
Step 1
Enter global configuration mode.
Assign a VLAN to the LAN ports
Use the commands given in the example below.
Verifying the LAN Port Configurations
Use the command given in the example below.
700W AP as Workgroup Bridge
Like other Cisco Access points 702W AP series also can be configured as a Workgroup Bridge (WGB).
A WGB can provide a wireless infrastructure connection for Ethernet-enabled devices. Devices that do not have a wireless client adapter in order to connect to the wireless network can be connected to the WGB through the Ethernet port.
The WGB supports up to 20 Ethernet-enabled devices to a Wireless LAN (WLAN). The WGB associates to the root AP through the wireless interface. In this way, wired clients obtain access to the wireless network. A WGB can associate to:
When a Cisco 702W access point acts as a WGB, the wired Ethernet clients behind the WGB can be either connected to the LAN or WAN ports present on the 702W AP.
Cisco Aironet 1570 Series
GPS and Cable Modem Configuration Commands
The following commands have been introduced to support the Global Positioning System (GPS) module and the cable modem for AP 1570.
|
|
|
|---|---|
Cisco IW3702 Access Point
This section contains the following features which are specific to the Cisco IW3702 access points.
- DLEP Client Support on WGB
- Dual Radio Parallel Redundancy Protocol Enhancement on WGB
- WGB Uplink Coordination
- Dual WGB Distributed PRP
- WGB Dynamic Link Forwarding
- Configuring IGMP Snooping Static Entry on IW3702
DLEP Client Support on WGB
The Dynamic Link Exchange Protocol (DLEP) client support feature allows the WGB to report radio link metrics to a router. The WGB acts as the DLEP client, and the router acts as the DLEP server. Routing path selection is based on radio link quality metrics.
For more information, see the DLEP Client Support on WGB section in the Cisco Wireless Controller Configuration Guide.
Dual Radio Parallel Redundancy Protocol Enhancement on WGB
The Dual Radio Parallel Redundancy Protocol (PRP) enhancement is the second phase of the PRP feature, which enables dual radio (2.4 GHz and 5 GHz) workgroup bridge mode on a WGB simultaneously. The WGB is wirelessly connected to the APs, with redundant packet transmissions over the dual 2.4-GHz and 5-GHz subsystem.
For more information, see the Dual Radio Parallel Redundancy Protocol Enhancement on WGB section in the Cisco Wireless Controller Configuration Guide.
WGB Uplink Coordination
The WGB uplink coordination feature allows the WGBs to select preferred parent access point based on configurable signal strength, channel utilization, or load threshold.
The existing PRP over wireless solutions do not have the coordination mechanism to let WGBs select preferred parent AP. Two radios of the WGBs can potentially associate to the same radio interface of one AP, which results in the redundant radio links sharing the same channel and suffering from the same RF interference.
The WGB uplink coordination feature addresses the potential RF interference issue for the PRP redundant wireless paths. When there is an alternate parent AP available and the signal quality meets the requirement, the two WGBs will try to associate to different parent APs. If there is only one single parent AP available, the two WGBs can still associate to the same parent AP.
Note The WGB uplink coordination feature is supported only on WGB mode of the IW3700 series access points.
The WGB Uplink Coordination is based on the comparison of RSSI, Channel utilization (CU), and load thresholds, which will be used to determine whether the WGB is to associate to a different parent AP.
If the candidate's RSSI is better than the configured RSSI threshold, the candidate AP will be chosen as the new parent. If the candidate’s RSSI is not as good as the threshold, but very close to the peer WGB’s parent AP, the candidate AP will also be chosen as the new parent. Otherwise, the uplink selection will be done by the legacy way.
As long as the candidate’s RSSI is better than the configured RSSI threshold, candidate AP’s CU/load will be compared with the configured CU/load threshold. If the candidate’s CU/load is better than configured CU/load threshold, the candidate AP will be chosen as the new parent. If the candidate’s CU/load is not as good as the threshold, but very close to the peer WGB’s parent AP, the candidate AP will also be chosen as the new parent. Otherwise, the uplink selection will be done by the legacy way.
Configuring Association Information Sync
The uplink coordination feature requires the WGB to synchronize its local association information with the peer WGB. The existing roaming coordination feature must be enabled.
Note For more information about the roaming coordination feature, see
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-4/config-guide/b_cg84/workgroup_bridges.html
Configuring Thresholds for AP Selection
You can configure the following thresholds on a specific radio interface of the WGB. If the candidate AP meets the requirements of these thresholds, WGB will choose it as the new parent AP.
You can configure this threshold in the range of 0-100 in percentage. The default is 0, which means the CU value will not be compared during the AP selection.
You can configure this threshold in the range of 0-100 in percentage. The default is 0, which means the AP load will not be compared during the AP selection. If both CU and AP load are configured, CU will be used during AP selection.
You can configure this threshold in the range of 1-100 dBm. The default is 60 dBm. If CU and Load thresholds are not configured, the uplink coordination will use the RSSI value for AP selection.
Use the following command to configure the CU, Load, and RSSI thresholds:
Configuring AP-Based or Radio-Based Coordination
The feature is based on the roaming coordination feature. Make sure the roaming coordination feature is properly configured and enabled.
Note For more information about the roaming coordination feature, see
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-4/config-guide/b_cg84/workgroup_bridges.html
You can configure ap-based or radio-based coordination for the following two scenarios:
- AP-based coordination—The two WGBs select different APs for the two uplinks if the pre-configured thresholds are met. It can be used to avoid single point of failure.
- Radio-based coordination—The two WGBs select different radio interfaces rather than selecting the same radio interface. It can be used to achieve throughput maximization.
Use the following command to configure radio-based or AP-based coordination. By default, the uplink coordination is disabled.
Configuring Same Radio Association Forbidden
When two WGBs associate to the same radio because no other radio meets the threshold requirement, the end-to-end traffic can benefit from the redundant wireless link, but the throughput may be affected because of the shared radio.
If you do not want two WGBs to associate to the same radio, you can use the following command to forbid the same radio association:
When this CLI is configured, if a different radio is scanned by WGB, a minimum RSSI threshold will be checked to avoid an association of poor quality. This RSSI value is defined by the coordination-uplink threshold rssi command under the radio interface. If the scanned radio is the same one that the peer WGB is associated with, it will not be associated.
If the peer association information is not available or the peer WGB is not associated, the first WGB will associate to the radio, and synchronize the current uplink RSSI to the peer WGB. The association information is updated when the WGB is associated or disassociated, or when the coordination tunnel between two WGBs is up or down.
If two WGBs are associated to the same radio unexpectedly during booting or communication tunnel up/down period, the RSSI will be compared with the peer WGB. The WGB with poor RSSI will drop the association. If the two RSSI values are identical, the slave WGB will drop the association.
Disassociation or roaming will trigger the peer WGB scan immediately.
If one WGB is associated but the other WGB is not associated, when the associated WGB prepares to roam, it will notify the peer WGB to start association first, and roam after the peer WGB is associate successfully.
Note The DFS channel takes as long as 110ms to scan. In the same-radio-forbidden mode, one WGB may keep unassociated during this period. To accelerate the association or re-association process, the DFS channel should not be used, otherwise the traffic drop may increase in certain roaming case.
Note In roaming coordination dual-radio mode, if same-radio-forbidden is configured, it works the same as radio-based coordination.
802.11v AP Selection
When 802.11v Basic Service Set (BSS) Transition is enabled, it allows WGB to request for a neighbor list and receive it from the current associated parent AP. WGB can use this list to identify a small set of channels to scan to find a better option of AP to re-associate with. The AP selection of 802.11v uses the existing neighbor list, where the RSSI variation trend is the main consideration for 802.11v AP selection, so only RSSI is stored and updated during the selection, and only the RSSI and the RSSI variation trend (Negative or Positive) will be checked. CU and AP load will not be used in 802.11v AP selection.
If the coordination is AP-based, after the initial selection, the selected AP will check if the RSSI value is greater than the configured threshold. If the RSSI value is not greater than the threshold, the AP will try radio-based coordination. If radio-based coordination fails too, no coordination will take effect.
Verifying the Configuration
The following command shows the current WGB and peer WGB association information if roaming coordination is in single radio mode, or both radio associations information if roaming coordination is in dual radio mode.
Use the following command to debug WBG association information synchronization:
Use the following command to debug WGB association and AP selection process:
Dual WGB Distributed PRP
The Cisco Wireless Controller Release 8.7 provides the Dual WGB Distributed PRP feature to extend the existing Dual Radio Parallel Redundancy Protocol Enhancement on WGB functionality to wired connections (see Figure 1). This feature also eliminates the dependency on external PRP switch on WGB side which is needed in the PRP Phase 1 feature (see Parallel Redundancy Protocol Enhancement on AP and WGB).
Note The Dual WGB Distributed PRP feature is supported only on WGB mode of the IW3700 Series access points.
In Figure 1, two IW3702 access points working in WGB mode interconnect through Ethernet port or via a non-PRP switch, working as master WGB and slave WGB respectively.
A PRP tunnel is introduced between the two WGBs, which is a unique dot1q tagged VLAN between the master and slave WGBs. The upstream traffic goes from the master to the slave, and the downstream traffic goes from the slave to the master.
The switch is to carry the PRP tunnel traffic and the MTU on the switch should be configured to at least 1526 bytes, because of the additional tunnel overhead and PRP trailer.
The major PRP function is implemented on the master WGB, including packet duplication and discard.
For the upstream traffic, the master WGB duplicates the packet. One copy is sent via radio interface, the other will be encapsulated and sent to the slave WGB via the PRP tunnel. When the slave WGB receives the packet, it will decapsulate the packet and send it out via its own radio interface.
For the downstream traffic, both WGBs will receive the identical packet respectively. The packet from the slave side will be encapsulated and sent to the master via the PRP tunnel. When the master WGB receives the packet, it will decapsulate it and filter it through the PRP stack as well as the packet received from its own radio interface, so that the packet discard is completed.
The master WGB will have a virtual interface which contains a radio interface for the WGB role, and an Ethernet interface used as the tunnel.
The wired client is only detected by the master WGB. It will synchronize the client information with the slave WGB.
Figure 1 Dual WGB Distributed PRP
Configuring Dual WGB Distributed PRP Function
Note If the following commands were configured under the uplink radio interface before, when the WGB Distributed PRP feature is enabled, these configurations will be lost.
You need to manually reconfigure these commands again: mobile station scan VALUE
mobile station period VALUE threshold VALUE
neighbor-list ignore CCX neighbor-list reports
Use the dot11 wgb dual-uplink command to configure the Dual WGB Distributed PRP function.
Use the following command to configure standard PRP redundant links.
Use the following command to configure the WGB as master or slave WGB.
Use the following command to configure uplink radio for the master WGB.
Use the following command to configure uplink radio for the slave WGB.
Use the following command to configure the PRP tunnel between the master and slave WGBs, where peer-mac is the MAC address of the peer GigabitEthernet interface.
You should configure a unique tunnel sub-interface on both the master WGB and the slave WGB. The following is an example:
The IGMP snooping should also be disabled on the tunnel vlan. The following is an example:
Verifying the Status and Debug Commands
In above command output, LAN-A values refer to the master WGB radio interface statistics, and LAN-B values refer to the master WGB tunnel interface statistics.
WGB Dynamic Link Forwarding
The WGB Dynamic Link Forwarding feature provides the ability to determine the data forwarding path based on radio metrics when two radio paths between WGB and AP are configured. While keeping both uplinks associated to AP, the uplink with the best link quality (referred to as active link) will be selected to transmit traffic.
To apply this feature, you do not have to change the existing AP facilities as long as they are in local mode or bridge mode. You can fine tune the radio metric thresholds to achieve promising throughput and latency.
The following two modes are supported for the WGB Dynamic Link Forwarding feature:
- Dual WGB Mode—Use one radio, either 2.4G or 5G, as the uplink on each of the two WGBs
- Single WGB Mode—Use both 2.4G and 5G as uplinks on one single WGB
Note The WGB Dynamic Link Forwarding feature is supported only on the IW3700 Series access points.
Overview of Dual WGB Mode
The dual WGB mode requires to use the same SSID for both master and slave WGBs. While keeping the uplinks of both WGBs associated to the AP, the uplink (WGB) with the best link quality will be selected to transmit traffic. The Internet Access Point Protocol (IAPP) messages are sent to associated AP only by the WGB with the best link quality.
A tunnel between two WGBs is established to switch traffic either from the master WGB or from the slave WGB, but never both. The master WGB detects whether the tunnel between the two WGBs is broken. If three consecutive heartbeat messages (the heartbeat message is sent every 500ms) are lost, the active link will be switched to the master WGB.
Figure 2 shows an example of the dual WGB mode topology where the master WGB has the better link.
Figure 2 Example of Dual WGB Mode With Master WGB Having Better Link
Figure 3 shows an example of the dual WGB mode topology where the slave WGB has the better link.
Figure 3 Example of Dual WGB Mode With Slave WGB Having Better Link
Note Even though you are not limited to choose different radio bands on WGBs, it is strongly recommended that you select the same radio band because the link metrics under different radio bands might not be consistent.
Note The tunnel between two WGBs introduces 20 bytes additional overhead. Make sure that MTU setting on the middle switch does not discard tunneled packets.
Overview of Single WGB Mode
In the single WGB mode, while keeping both 2.4GHz and 5GHz radio uplinks associated to the AP, the radio with the best link quality will be selected to transmit traffic.
The IAPP messages are sent to associated AP only by the radio with best link quality.
Figure 4 shows an example of the single WGB mode topology where the 2.4G radio is the better link.
Figure 4 Example of Single WGB Mode Topology With 2.4G Radio as Better Link
Figure 5 shows an example of the single WGB mode topology where the 5G radio is the better link.
Figure 5 Example of Single WGB Mode With 5G Radio as Better Link
Link Metrics Parameters
Link quality calculation involves the following parameters:
The values of these parameter are collected every 500ms by default. But with the threshold setting enabled, a crossover of the threshold event will trigger an update (and hence the recomputing) of the link metrics immediately.
Best Link Selection
Best link selection is based on RSSI/CDR link metrics calculation and packet drop/retry based link metrics calculation. On the inactive side, the CDR and drop/retry data might be inaccurate if there is no traffic. Some test traffic with 200 pps is sent to AP to improve the accuracy of calculation.
Signal strength is one of the important factors that needs to be taken into account when calculating link quality in wireless network. And different data rate is sensitive to signal strength. So RSSI and CDR are used to measure the link quality.
Normally, RSSI/CDR based metrics can evaluate the link quality well. But in some circumstances, best link selection algorithm needs to take packet drop/retry counter of the link into consideration.
When the metrics calculation is triggered, the RSSI/CDR based link metrics is calculated first to select one of the uplinks as the better one.
The data for link quality calculation is collected or updated when the following events happen:
When the timer expires, the current link quality metrics will be retrieved.
For dual WGB mode, on the slave WGB, the link quality value will be sent to master WGB via the tunnel. The master WGB will compare the values and update the current best-link information.
When a link association is down, the link quality of this association will be reset to 0 and the link quality update will be triggered. When the link association is restored and associated to the AP, the link quality update will be triggered as well.
For dual WGB mode, if the link of the slave WGB is down, the link quality value of 0 will be sent to the master WGB as well. The master WGB will compare the values and update the current best-link information.
Radio shutdown from WGB or WGB reload will trigger a link association status change event. Link quality will be updated accordingly and active link switch will happen timely.
Note Radio shutdown from AP or AP reload may cause 1-2 seconds traffic loss during the switching. The WGB may not respond timely because it detects loss of AP only after three consecutive beacon frames are lost.
Link metrics thresholds are configurable via CLI (see (Optional) Configuring Threshold Settings). When the link metric values are above the configured thresholds, a new quality update will be triggered, and the current best-link information will be updated if needed.
For dual WGB mode, the master WGB will compare the values and update the current best-link information.
When roaming happens on the current best link, it will trigger the link metric update, and change the best link to the other.
(Optional) Configuring Threshold Settings
Use the following command to configure the thresholds to trigger RSSI/CDR link metrics calculation:
Switch Flapping Prevention
Consecutive switch within one second is forbidden by the algorithm to prevent switch flapping. But in dual-radio case, roaming event triggers switching anyway.
Dual WGB Mode Configuration
New Commands for Dual WGB Mode Configuration
Use the following commands to configure dual WGB mode:
In dual WGB mode, a unique tunnel VLAN subinterface must be configured on both WGBs’ tunnel Ethernet interface. The following example configures tunnel VLAN 8:
Note The switch port which connects to the slave WGB must block wired client traffic. For the configuration of how to block the traffic, refer to the interface configuration of the switch which is connected behind the WGB.
Configuration to Avoid Bridge Loop
Wired network on WGB side can introduce a bridge loop if you connect the Ethernet port of two WGBs directly. You must configure ACL to the Ethernet interface on both WGBs to avoid bridge loop.
Configure the following on the Ethernet interface through which WGBs are connected:
Modifying Existing Dual WGB Mode Configuration
To change the existing dual WGB mode configuration of WGB tunnel interface number, link selection method, mode, or radio, which are configured under the dot11 wgb dual-uplink submode, follow the steps below:
Step 1 Disable the Dynamic Link Forwarding feature by using the no dot11 wgb dual-uplink command.
Step 2 Execute the dot11 wgb dual-uplink command again to enable the feature.
Step 3 Configure WGB tunnel interface number, link selection method, mode, and radio with new values.
Configuring Roaming Coordination for Dual WGB Mode
To reduce the chance of simultaneous roaming, you are recommended to enable the roaming coordination function. The roaming coordination feature can be configured either on GigabitEthernet0 interface or on a separate GigabitEthernet1 interface.
In the following example, client VLAN 800, SSID VLAN 801, and tunnel VLAN 50 are configured on the WGBs.
Note VLAN 8, 50, and 800 need to be created locally on this WGB connected switch.
Master WGB Configuration Example
In the following example, peer-mac 0081.c4b3.8038 is obtained by executing the show interfaces gigabitEthernet 0 comm and on the slave WGB.
Slave WGB Configuration Example
In the following example, peer-mac 003a.7d0d.521c is obtained by executing the show interfaces gigabitEthernet 0 comm and on the master WGB.
Verifying the Configuration
Use the show dot11 wgb dual-uplink command to view the statistics of the WGB Dynamic Link Forwarding configuration. The following examples show the outputs of master and slave WGBs:
Single WGB Mode Configuration
New Commands for Single WGB Mode Configuration
Use the following commands to configure single WGB mode:
where bvi-vlanid is the VLAN ID of the BVI interface for single WGB mode.
Note In single WGB mode, BVI is treated as a wired client. You need to specify the vlan_id explicitly by the optional CLI bvi-vlanid, so that BVI can be assigned with IP address properly by WLC.
To disable the Dynamic Link Forwarding feature of single WGB mode, the software reload is required after you disable this feature.
Modifying Existing Single WGB Mode Configuration
To change the existing single WGB mode configuration of link selection method, or BVI vlan_id, which are configured under the dot11 wgb dual-uplink submode, follow the steps below:
Step 1 Disable the Dynamic Link Forwarding feature by using the no dot11 wgb dual-uplink command.
Step 2 Execute the dot11 wgb dual-uplink command again to enable the feature.
Step 3 Configure link selection method, mode, and BVI vlan_id with new values.
Examples of Single WGB Mode Configuration
This section contains two configuration examples of the single WGB mode for different scenarios.
Single WGB Mode Configuration Example 1
In this example, the WGB connects to a switch and supports multiple VLANs, where VLAN 201 maps to management interface, and VLAN 800 serves for wired client which resides in dynamic interface 800.
Single WGB Mode Configuration Example 2
In this example, the WGB connects to a host, which means it does not support multiple VLANs.
Verifying the Configuration
Use the show dot11 wgb dual-uplink command to view the statistics of the WGB Dynamic Link Forwarding configuration. The following example shows the output of single WGB mode configuration:
Debug Commands
Use the clear dot11 wgb dual-uplink statistics command to clear the statistics.
Use the (no) debug dot11 dual-uplink dynlink command to enable or disable best link selection debug messages.
Roam-Base Dynamic Link Forwarding
Roam-Base Dynamic Link Forwarding was introduced in Cisco Wireless Release 8.10.130.0, as an enhancement to the existing WGB Dynamic Link Forwarding feature, where the best link switch will happen based on CDR/RSSI, Retry/Drop and during roaming events. But, this Roam-Base Dynamic Link Forwarding enhancement allows the best link switch to happen only during the roaming events and to stay intact until the next roam triggers on the active link.
For dual WGB mode, when the roam-base CLI is configured, the link switch happens only when either of the WGBs holding the best link goes for roam.
For single WGB mode, when the roam-base CLI is configured, the link switch happens only when either of the radios holding the best link goes for roam. In addition, a preferred radio can be configured so that the best link stays intact with selected radio until it roams, and gets back the best link once it completes the roam.
Configuring Dual WGB Mode
Follow these steps to configure roam-base best link selection for dual WGB mode:
Step 1 Enter dual uplink configuration submode:
Step 2 Configure tunnel for dual WGB mode:
Step 3 Configure roam-base link selection method:
Step 4 Configure primary or secondary WGB:
Primary WGB Configuration Example
Secondary WGB Configuration Example
Note In case of roam-base best link selection method, the uplink-metrics configuration under radio interfaces are not required and will not be accepted even if you try to configure it.
Verifying the Configuration
To verify the configuration, use the show dot11 wgb dual-uplink command on primary and secondary WGBs.
Configuring Single WGB Mode
Follow these steps to configure roam-based best link selection for single WGB mode:
Step 1 Enter dual uplink configuration submode:
Step 2 Configure roam-base link selection method:
Verifying the Configuration
Configuring Roam-Base Best Link Selection With Preferred Radio for Single WGB Mode
When preferred radio is configured with roam-base link selection for dual-radio of single WGB mode, the best link sticks with the preferred radio. When the preferred radio goes for roam, the best link changes to the other radio. Once the roam is completed, the best link will change back to the preferred radio from non-preferred radio.
Note The preferred radio configuration is not applicable to dual WGB mode.
Follow these steps to configure roam-based best link selection with preferred radio for single WGB mode:
Step 1 Enter dual uplink configuration submode:
Step 2 Configure roam-base link selection method and preferred radio:
Verifying the Configuration
Note In case of roam-base best link selection method in single WGB mode, for both roam-base or roam-base with preferred radio, the uplink-metrics configuration under either radio interface is not required. Even if you try to configure it, the command will not be accepted.
Configuring IGMP Snooping Static Entry on IW3702
Internet Group Management Protocol (IGMP) snooping streamlines multicast traffic handling for VLANs. By examining (snooping) IGMP membership report messages from interested hosts, multicast traffic is limited to the subset of VLAN interfaces on which the hosts reside.
From AireOS 8.8, WGBs can be configured to receive flooded downstream multicast from any dynamic interface defined in the IGMP snooping static table. The client behind WGB can receive multicast packets without sending IGMP join message.
You can also determine whether the entry in IGMP snooping table is added statically, or dynamically by device IGMP join message.
Note This feature is supported only for the Cisco IW3702 Access Point.
WLC Configuration
If the client behind WGB cannot send IGMP join, for the WGB to receive multicast packets, IGMP snooping should be disabled on WLC. Use the following command to enable WLC multicast and disable IGMP snooping:
WGB Configuration
Before configure IGMP snooping static entry on WGB, make sure that the following are configured:
To configure IGMP Snooping static group, use the following command:
Note The VLAN ID should be the same as the VLAN of GigabitEthernet subinterface.
Verifying the Configuration
To display configured static groups, use the following command:
Cisco AP803 Integrated Access Point
This section contains the following features which are specific to the CiscoAP803 Integrated Access Points.
Configuring Web Passthrough Captive Portal Support
The Web Passthrough Captive Portal Support feature is an extension of Autonomous AP Web Passthrough feature, to enable mobile devices to automatically complete the authentication process with the help of Captive Portal Assistant (CPA) of the mobile devices.
When a mobile device connects to the Wi-Fi SSID of IR829 AP803, the mobile device’s CPA launches a popup browser window, showing the consent page sent by captive portal. When the “Accept” button on the consent page is clicked, the browser window refreshes to display the “Thanks for accepting …” page. After several seconds, the “Thanks for accepting …” page redirects to another URL and the client is allowed to connect to the internet.
You can also configure the following functions of this feature:
By default, the consent page is an empty page which only contains the “Accept” and “Not accept” buttons. This feature allows you to customize the consent page by using your own template which contains customized content or advertisements. Copy your own template HTML file into the flash drive and execute the following command to set it as the consent template:
Sometimes the Android devices get unexpected “Consent Expired” error when accepting the consent. To support most Android devices and support embedding advertisement in consent page without causing the false “consent expired” error, use the following command to increase the timestamp queue:
where the value of < count > has the default of 5, and maximum of 64.
If you want to redirect the clients to another URL after the they accept the consent other than displaying the default “Thanks for accepting …” page, use the following command:
where < URL > is the redirect URL that you want the clients to be redirected after they accept the consent.
If you want to embed advertisements from some external server on the consent page before the clients accept the consent, you should add the IP address of advertisement server into access list using the following command:
- Web pass through customization can have both file and text. Use the following CLI for the custom consent page with text:
Configuration Example
Before you start, enable the existing Web Passthrough feature with the exiting commands.
Note Do not embed too many advertisements in the consent page. If the HTTP request count of your advertisements is larger than 63, the timestamp queue will be overwritten. It will cause the Consent Expired error.
Follow these steps to configure AP803:
Step 2 Customize the consent page.
Step 3 Support most Android devices and support embedding advertisement in consent page by increasing the timestamp queue.
Step 4 Set redirect URL, for example, http://cisco.com.
Step 5 Create web passthrough SSID.
Step 6 Associate the SSID configuration to dot11Radio configuration. You can use either do11Radio 0 or dot11Radio 1.
Step 7 Create whitelist for the advertisement server, for example, 72.163.4.161.
Configuring Service VLAN
The service VLAN function provides additional layer-3 subinterface for WGB mode. You can use the sub-interface as another management interface, create the service VLAN, and configure sub-interface of the VLAN under the Ethernet interface.
Follow these steps to configure service VLAN:
Step 1 Use the following command to configure the service VLAN with a vlan ID:
Step 2 Use the following commands to configure the sub-interface:
Note The service VLAN feature is supported on the GigabitEthernet interface which is also configured with sub-interface in bridge mode.
Note Do NOT configure bridge group under the sub-interface.
Feedback