Unreachable device behind a workgroup bridge

Hello,
we have a problem that has already occurred at two locations:
We installed workgroup bridges (at one location an AP-1242AG connecting to an IOS-AP, at the other location an AP-1131AG connecting to a controller-based WLAN). Behind these workgroup bridges there are devices that talk very little by themselves (about one packet per hour).
So in the IOS-WLAN they are reachable only after pinging the device from the AP to which the WGB is connected. In the controller-based WLAN they are only reachable from the WGB itself, not from the rest of the LAN.
My suspicion is that these devices disappear from the ARP/MAC address tables because of the little traffic they send. How can we work around this problem? Static ARP and/or MAC entries? But where to place them, in the core, on the APs?
I would appreciate any help.
Thanks,
Sebastian

Here is the URL for the WLC configuration and troubleshooting guide which will help you:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080810880.shtml
http://www.cisco.com/en/US/products/hw/modules/ps2797/products_tech_note09186a0080811085.shtml

Similar Messages

  • Question re: BR1310 in Workgroup Bridge Mode

    When a BR1310 is in Workgroup bridge mode, it can provide a wired connection from the BR to a device. Can it also service wireless users?

    If I understand your question you need more equipment to provide wireless connectivity from the location of the WGB. Add a switch/hub to the output of the BR1310 and an Access Point to one of the hub's ports.

  • Can a Workgroup bridge 352 act as a LEAP client (supplicant) ?

    Is it possible for a WGB in Version 8.84 to act as a LEAP client (supplicant) instead of the connected client NICs in the workgroup?
    This question is as important as the workgroup could be composed of IP Cameras or other IP devices who could not act as a LEAP Client.
    Thank you
    Jacky

    Hi,
    It is not so clear as it seems to be, because several CCO documents are introducing this LEAP ability of the WGB but none of them give details.
    http://www.cisco.com/en/US/products/hw/wireless/ps458/products_data_sheet09186a0080088833.html
    "For authentication of devices attached to the workgroup, a username and password may be stored in the workgroup bridge in either static or dynamic memory. When authenticated, the workgroup bridge receives a single-session, single-user encryption key from the Remote Access Dial-In User Service (RADIUS) server via the associated AP. With this centralized and standards-based architecture, wireless security scales to meet the requirements of any enterprise."
    AND
    http://www.cisco.com/warp/customer/cc/pd/witc/ao1200ap/prodlit/wrsec_an.htm
    "Figure 6: Workgroup Bridge Security Configuration"
    What do you mean about ??
    Jacky

  • 1602 AP - Workgroup Bridge Cannot Associate to Parent AP

    Hi All,
    For a few weeks now, I have been trying to connect a Cisco 1602 standalone AP to our unified wireless network as a workgroup bridge. Eventually this AP is to be moved to another wireless network where I will need it to run in universal workgroup bridge mode (for non Cisco wireless networks), so I just want to get this working in the office before I take it elsewhere and try to get that to work, as the configuration will be similar. 
    So far I've been unable to get this 1602 AP to associate to our network. The particular SSID I'm trying to set up is a BYO style SSID, normally if you connect a device you provide your Active Directory username / password and your laptop / phone / whatever connects. I know the username is fine because if I use it on another device it's not a problem. 
    The AP keeps repeating this message: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Associating. Cisco.com tells me that this is to do with MFP, however I've changed a number of MFP settings in the SSID and this seems to have made no difference. 
    I'm thinking this is a problem with authentication or association. I have a question, why do I need to input Radius server information into the config (eap_methods)? When you connect a regular device to this SSID it doesn't require any Radius server settings in order to connect, I don't understand why the AP needs these settings. Also, when authenticating to AD, do you need to include the domain name as part of the username?
    Wireless isn't my strong point unfortunately. Is anyone able to help with this? Config and log is below. Many thanks.
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname WGB-AP
    logging buffered 10000
    logging rate-limit console 9
    enable secret 5 xxxx
    aaa new-model
    aaa user profile userprofilename
    aaa group server radius rad_eap
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    no ip routing
    no ip cef
    dot11 syslog
    dot11 ssid BYO
       authentication open eap eap_methods
       authentication shared eap eap_methods
       authentication network-eap eap_methods
       authentication key-management wpa version 2
       dot1x credentials MyCreds
       dot1x eap profile EAPTLS
       infrastructure-ssid
       ids mfp client optional
    eap profile EAPTLS
     method mschapv2
     method peap
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP-self-signed-88743315
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-88743315
     revocation-check none
     rsakeypair TP-self-signed-88743315
    crypto pki trustpoint WGB-PEAP
     enrollment terminal
     subject-name CN=username
     revocation-check none
     rsakeypair manual-keys 1024
    crypto pki certificate chain TP-self-signed-88743315
     certificate self-signed 01
            quit
    crypto pki certificate chain WGB-PEAP
    dot1x credentials MyCreds
     username DOMAIN\AD-USER
     password AD Password
    username Cisco password 7 00271A150754
    username DOMAIN\AD-USER
    bridge irb
    interface Dot11Radio0
     no ip address
     no ip route-cache
     encryption mode ciphers aes-ccm
     ssid BYO
     antenna gain 0
     stbc
     beamform ofdm
     station-role workgroup-bridge
     bridge-group 1
     bridge-group 1 spanning-disabled
    interface Dot11Radio1
     no ip address
     no ip route-cache
     shutdown
     encryption mode ciphers aes-ccm tkip
     ssid BYO
     antenna gain 0
     no dfs band block
     channel dfs
     station-role root
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 spanning-disabled
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
    interface GigabitEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
     bridge-group 1
     bridge-group 1 spanning-disabled
    interface BVI1
     no ip address
     no ip route-cache
    ip forward-protocol nd
    no ip http server
    ip http authentication local
    ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    radius-server attribute 32 include-in-access-req format %h
    radius-server host xxxx auth-port 1812 key 7 xxxx
    radius-server vsa send accounting
    bridge 1 route ip
    line con 0
     logging synchronous
    line vty 0 4
     transport input all
    end
    Jan  5 14:34:30.636: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Associating
    Jan  5 14:36:23.730: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Associating
    Jan  5 14:36:42.730: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Associating
    Jan  5 14:38:19.833: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Associating
    Jan  5 14:39:33.901: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Associating
    Jan  5 14:40:49.948: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Associating
    Jan  5 14:42:10.123: %SYS-5-CONFIG_I: Configured from console by console
    Jan  5 14:42:42.031: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: No Response
    Jan  5 14:42:46.031: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Associating
    Jan  5 14:43:06.058: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Associating
    Jan  5 14:45:18.173: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associate: Associating

    With PEAP there is a certificate being used on the RADIUS server for securing the first phase (outer tunnel). In this scenario the access point acts like a dot1x client, so like any other client it has to validate the certificate the RADIUS server uses. Therefore the root certificate (and intermediates, if being used) needs to be installed on the access point.
    I never configured a WGB in this way, so I fired up my lab to see if I could get it to work. Sadly I did not manage to get it to work properly; I'm running into "EAP session timed out" messages in ACS (my RADIUS server). I also ran into the MFP issue, but as long as you configure MFP as optional on the network side, it should work. Because of the CCIE exam, I'm running old AirOS software on the WLC and also the software on the access point I tested this configuration on (2600) is not that new. So it could be that I ran into a bug testing this, so I would advise you to run the latest software on your 1600. There are WGB related bugs fixed not so long ago. This configuration is supported since IOS 15.2.2(JA) and higher.
    If I look at your configuration you still need to actually install the certificate; the trustpoint is empty. Besides that, the following configuration changes need to be made:
    eap profile EAPTLS
     no method mschapv2
     method peap
    dot11 ssid BYO
       authentication open eap PEAP
       no authentication shared eap eap_methods
       authentication network-eap PEAP
       authentication key-management wpa version 2
       dot1x credentials MyCreds
       dot1x eap profile EAPTLS
       no infrastructure-ssid
       no ids mfp client optional
    For more information look at this document.
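
The gap the answer above spots by eye (the WGB-PEAP trustpoint has no certificate installed), checked programmatically together with the names the SSID refers to. This is an added Python example, not part of the original thread; the function names, finding labels and the trimmed sample configuration are constructed for illustration, and the parser assumes the config keeps its indentation.

```python
"""Lint an IOS-style WGB config for the 802.1X prerequisites discussed above."""

# Constructed excerpt modelled on the configuration posted in the thread.
# The certificate body is shortened to one placeholder line.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login eap_methods group rad_eap
dot11 ssid BYO
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa version 2
   dot1x credentials MyCreds
   dot1x eap profile EAPTLS
eap profile EAPTLS
 method mschapv2
 method peap
crypto pki trustpoint TP-self-signed-88743315
 enrollment selfsigned
crypto pki trustpoint WGB-PEAP
 enrollment terminal
crypto pki certificate chain TP-self-signed-88743315
 certificate self-signed 01
  30820227 30820190
        quit
crypto pki certificate chain WGB-PEAP
dot1x credentials MyCreds
 username DOMAIN\\AD-USER
"""


def parse_blocks(config):
    """Group config lines into (header, [children]) using indentation."""
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comment lines
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def audit_wgb_dot1x(config):
    """Return a list of (check, name) findings; an empty list means no gaps."""
    trustpoints, chains, ssids = [], {}, []
    method_lists, eap_profiles, credentials = set(), set(), set()
    for header, children in parse_blocks(config):
        words = header.split()
        if header.startswith("crypto pki trustpoint "):
            trustpoints.append(words[3])
        elif header.startswith("crypto pki certificate chain "):
            chains[words[4]] = [c for c in children if c.startswith("certificate ")]
        elif header.startswith("aaa authentication login "):
            method_lists.add(words[3])
        elif header.startswith("eap profile "):
            eap_profiles.add(words[2])
        elif header.startswith("dot1x credentials "):
            credentials.add(words[2])
        elif header.startswith("dot11 ssid "):
            ssids.append(children)

    findings = []
    # A trustpoint can only be used to validate the RADIUS server's
    # certificate once a certificate has been installed into its chain.
    for name in trustpoints:
        if not chains.get(name):
            findings.append(("empty-certificate-chain", name))
    # Every name an SSID refers to must be defined elsewhere in the config.
    for children in ssids:
        for line in children:
            tok = line.split()
            if tok[:2] == ["authentication", "network-eap"] and len(tok) > 2:
                ref, known, check = tok[2], method_lists, "undefined-method-list"
            elif tok[0] == "authentication" and tok[2:3] == ["eap"] and len(tok) > 3:
                ref, known, check = tok[3], method_lists, "undefined-method-list"
            elif tok[:3] == ["dot1x", "eap", "profile"] and len(tok) > 3:
                ref, known, check = tok[3], eap_profiles, "undefined-eap-profile"
            elif tok[:2] == ["dot1x", "credentials"] and len(tok) > 2:
                ref, known, check = tok[2], credentials, "undefined-credentials"
            else:
                continue
            if ref not in known and (check, ref) not in findings:
                findings.append((check, ref))
    return findings


if __name__ == "__main__":
    for check, name in audit_wgb_dot1x(SAMPLE_CONFIG):
        print(f"{check}: {name}")
```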

  • Workgroup Bridge between WRVS440n and WAP321

    Hi, I am trying to expand the wifi range of my WRVS4400n. Since the WAP4400 isn't available I got me a WAP321, since it was mentioned as the recommended replacement. However I am having trouble in getting the bridge to work.
    First I tried to use WDS but this only killed my WRVS4400n and I am now trying the Workgroup Bridge mode on the WAP321.
    On the WRVS4400n I have enabled WDS and have tried both the auto setting and Manual without any difference.
    I am stuck with this status on the WAP321:
    Network Interface Status and Statistics VLAN ID Name (SSID)  
    WLAN0UPSTRM  Disconnected  1  myssid   
    WLAN0DWSTRM  Up  1  myssid
    It is the Infrastructure Client Interface setting that fails; I've tried both None and WPA Personal security settings with the same result: Disconnected
    What am I missing?

    Hello Lars,
    Just wanted to add a note to this as well. Pretty much the workgroup bridge is made to be used with other wireless devices that are not WAP121s and WAP321s. Cisco pretty much recommends to use WDS bridge if you have another WAP321 or WAP121. If that is not the case then workgroup bridge is your other option. The admin guide should have some good documentation on this and also if you click on help in the GUI of the WAP321 it provides a lot of great information as well! It gives you the recommended setup for this configuration.
    Other than that you do not have to set up WDS on the WRVS4400n. As long as the SSID, wireless channel, wireless mode, wireless bandwidth and security are the same on the WAP321 and the WRVS4400n this should work out just fine. You may have to power cycle the devices a couple of times to get it to come up, but I know I have gotten this to work between an RV220W and a WAP321, so I do not see why it shouldn't work between the WRVS4400n and the WAP321.
    Hope that helps!
    Thanks,
    Clayton Sill

  • Workgroup bridge passing WDS info

    Does anyone know if a workgroup bridge/non-root bridge will pass information back and forth to a WAP that is downstream from a non-root bridge through a switch connected to the non-root bridge? I have verified network connectivity between all devices and the WDS. The client WAP indicates WDS not discovered with the command sh wlc ap. I suspect the bridge does not pass the traffic to and from the WDS to the client WAP. Any hints are appreciated.
    WDS not discovered

    I have attached a network diagram. Maybe this will help you understand. The WAP that does not discover the WDS has station-role root for a setting. The config on this WAP worked at a client before. The only difference is there is a bridge between it and the WDS. Is there some limitation to the bridge that is stopping the WAP from discovering the WDS, or do I need to add configuration lines to the root or non-root bridge to make this work? What is your reason for believing this will not work?

  • How to setup LAPAC1750-PRO with LAPAC1750 Workgroup Bridge Mode as WiFi Extender

    I've got following devices:
    1 LRT224 Dual WAN Gigabit VPN Router (Load Balancing)
    2 LAPAC1750-PRO Access Points
    6 LAPAC1750 Access Points
    I'm supposed to make a Cluster between 2 LAPAC1750-PRO and then connect the 6 LAPAC1750 using Workgroup Bridge Mode, but after purchasing and while configuring, I found the strange thing that:
    If I need to setup a Workgroup Bridge Mode, the clustering will not be available (so I need to modify the changes on either PRO APs whenever I need to perform some) and the Bridge Mode needs to be disable if Clustering is ON or vice versa.
    +--- The Configuration ---+
    I've made 2 subnets:
    192.168.1.x (Existing)
    192.168.10.x (New)
    and configured 4 APs on each (1 PRO and 3 Normal using Trunking between 2 HP 1910 24 Switches) and then again found some strange thing that:
    Only 1 Normal AP can be connected to PRO in a Workgroup Bridge Mode, and vice versa.
    +--- The Problem ---+
    --- Please correct me if I'm wrong
    It supposed to extend the Wireless Range, therefore I need to do the following:
    PRO AP needs to connect to the AP 1 of and the AP 1 then connects to AP 2 and so on in Workgroup Bridge Mode ...
    OR
    All the APs needs to connect to the PRO one by registering one by one in Workgroup Bridge Mode
    Thanx in Advance

    Thanx! The information is very helpful.

  • Device connectivity via ap-bridge

    Hi,
    In one of our factories, there are handheld scanning devices which work over wireless to move data over to end servers.
    The setup has two 5508 WLCs in HA mode and a few 1500 series & 3500 series APs.
    The handheld device is assigned an IP address & connected using a copper cable to the Ethernet port of a 3502.
    The 3502 here is functioning as a work bridge & connects to either another 3502/1500 which act as normal mesh APs.
    The 3502 shows connectivity to the wireless & back end infrastructure, however the handheld device cannot be communicated with from within our network.
    Is there any special configuration required for this. Please help with suggestions.
    Thanks in advance.

    Thanks Steve & Rasika.
    I'll get these outputs from the local folks & present it here.
    Another thing to note is, the scanner IP can be pinged from within the bridge itself, but it can't be from the local network infrastructure. All APs are in mesh mode. Below is the configuration from a bridge that is used for this purpose.
    We tried adding a static ARP entry onto the bridge itself; it works for some time but then stops.
    WGB-FCT01#sh run
    Building configuration...
    Current configuration : 3333 bytes
    ! Last configuration change at 00:14:50 UTC Fri Mar 1 2002
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname WGB-FCT01
    no aaa new-model
    no ip routing
    no ip cef
    dot11 syslog
    dot11 ssid FCT
       authentication open
       authentication key-management wpa version 2
       wpa-psk ascii 7 xxxxxxx
    dot11 guest
    crypto pki trustpoint TP-self-signed-1702352480
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1702352480
    revocation-check none
    rsakeypair TP-self-signed-1702352480
    crypto pki certificate chain TP-self-signed-1702352480
    certificate self-signed 01
            quit
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers aes-ccm
    ssid FCT
    antenna gain 0
    parent timeout 20
    station-role workgroup-bridge
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    encryption mode ciphers aes-ccm
    antenna gain 0
    peakdetect
    no dfs band block
    channel dfs
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface GigabitEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 192.168.100.55 255.255.255.0
    no ip route-cache
    ipv6 address dhcp
    ipv6 address autoconfig
    ipv6 enable
    ip default-gateway 192.168.100.254
    ip forward-protocol nd
    ip http server
    ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    line con 0
    line vty 0 4
    login local
    transport input all
    end
    WGB-FCT01# 
    WGB-FCT01#sh ip int brie
    Interface                  IP-Address      OK? Method Status                Protocol
    BVI1                       192.168.100.101     YES NVRAM  up                    up     
    Dot11Radio0                unassigned      YES NVRAM  up                    up     
    Dot11Radio1                unassigned      YES NVRAM  administratively down down   
    GigabitEthernet0           unassigned      YES NVRAM  up                    up     
    Virtual-Dot11Radio0        unassigned      YES unset  up                    up     
    appreciate all help.

  • Unable to ping device behind Cisco 3750 on the same inside VLAN via Cisco ASA 5505 Anyconnect VPN

    Hi Guys,
    I've been stuck with this for the last 2 days, and I thought to try and use Cisco's forum, I setup my home DC, and started having problems once I moved a Cisco 5505 behind a Cisco 1841 router (I wanted to eventually test DMVPN live on the internet,) I was no longer able to ping some devices, then as soon as I introduce a collapsed core/distribution switch, I'm also no longer able to ping the devices behind the Cisco 3750, I've attached a network diagram and the ASA running-config.
    Everything seems fine internally with the exception of an intermittent network connectivity with a Citrix NetScaler VPX running on a VMware ESXi.
    For some odd reason, I am able to ping the following, with no issues.
    Cisco 3750 SVI (192.168.1.3)
    CentOS web server (connected directly to the Cisco ASA 5505)
    I have checked and enable the following:
    Nat Exemption
    Sysopt connection permit-vpn
    ACL's
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    Added ICMP in the inspection policy
    Packet-capture - Only getting echo requests.
    Thanks in advance!

    Hi,
    I believe you have a problem with your no-NAT configuration. You need to exempt NAT for the traffic from 172.16.10.0 (AnyConnect VPN pool) to 192.168.1.0/24 (Inside LAN) to make this work:
    object network acvpnpool
    subnet <anyconnect VPN Subnet>
    object network insidelan
    subnet <inside lan subnet>
    nat (inside,outside) source static insidelan insidelan destination static acvpnpool acvpnpool
    Make sure that you are able to reach the GW/inside IP address of the firewall from the LAN machine and that all routing is in place properly. Thanks!
    Regards
    Karthik

  • Multiple Public IP's on one physical interface for devices behind Router.

    Hi guys, I am trying to find information on applying multiple IP addresses to a router,
    basically one for the router itself and then some for the devices behind the router, for which I am sure I need to apply some 1-to-1 NATs. I just do not know if I need to specify all the IP addresses on the main interface.
    An example being I have a router with a WAN IP of xxx.xxx.xxx.xxx/25. It only has 2 interfaces, one for WAN and one for LAN. I have a server I would like assigned its own public IP address, but still on the same LAN network.
    Could someone help me out and point me in the right direction with a sample config?

    I agree with the previous response that you need a static NAT to allow outside resources to initiate traffic to your server. You also will need NAT or PAT using the router interface address to allow the other hosts in your network to access outside.
    You do not need to configure any other of the addresses on the router interface other than the primary IP that you assign to the router interface. As long as the other addresses are used for NAT/PAT they are configured in the nat statements and not on the physical interface.
    HTH
    Rick

  • Adding devices behind firewall

    I have just installed an AirPort Extreme and want to add my thermostats so I can access them remotely. Do I need to add the MAC address and/or IP address of the thermostats? How do I do this and where?

    Hi,
    TACACS+ authentication service between network devices and the AAA server is running on TCP 49. The 2004-5000 port range is only applicable if you need to access the ACS server (for management purposes) from outside/internet. In your case, if you need to access your devices behind the firewall from an external network, what you need is to map your internal network devices to a public IP, and open the desired service port, e.g. SSH (TCP 22), on your firewall outside interface ACL to allow incoming access.
    For your internal devices, you need to have appropriate AAA configuration that point to ACS (e.g TACACS+). In your ACS, set these devices as AAA Client, and configured appropriate IP, secret key and using TACACS+.
    Before you test ssh access from internet/external network, test your SSH access locally. It must be successful to get AAA to authenticate your SSH connection request.
    http://www.cisco.com/en/US/partner/products/sw/secursw/ps2086/products_user_guide_chapter09186a008052e996.html
    Hope this helps.
    Rgds,
    AK

  • Cisco AP1121G Workgroup Bridge Problem

    Hello,
    For reference I have attached the following:
    Network Diagram
    Ping Results Table
    Configurations for 1811 router, ap1121g root access point, ap1121g wgb.
    I am seeking assistance with the following problem.
    Referring to the attached network diagram, I cannot communicate past the ap1121g-wgb in either direction.
    Also attached is a result table of ping attempts through the ap1121wgb from each side.
    I don't have a problem with the wireless connections. The ap1121g's associate ok.
    Based on the ping results the problem appears to be in the ap1121g-wgb configuration, but I have run out of ideas.
    The following two cisco documents have been my main reference, besides the cisco command lookup site.
    http://www.cisco.com/en/US/customer/products/hw/wireless/ps430/products_configuration_example09186a00805b9b87.shtml
    http://www.cisco.com/en/US/docs/wireless/access_point/12.4_21a_JA1/configuration/guide/scg12421aJA1-chap19-wgb-standby.pdf
    Any insight will be greatly appreciated.
    Thanks...

    Robert,
    Going back to your original post and looking through the example given in the first URL, I spotted a few lines in the example configurations which apply to older revisions of code, but not newer AP code, so they may be misleading. Based on the parameter availability of station-role workgroup-bridge in your last message, would you be willing to try the following?
    Reset both 1121 APs to factory default configuration (#write erase -- do not save config to startup if prompted)
    Give each AP an IP address on BVI1 so that both APs are in the same subnet
    Apply the following configuration to the infrastructure (root) AP:
    dot11 ssid WGB-SSID
    authentication open
    interface dot11radio 0
    ssid WGB-SSID
    station-role root
    no shutdown
    Apply the following configuration to the workgroup-bridge (client) AP:
    dot11 ssid WGB-SSID
    authentication open
    interface dot11radio 0
    ssid WGB-SSID
    station-role workgroup-bridge
    no shutdown
    The intended goal with this exercise is to get rid of all config and to try only basic required elements of a WGB configuration, starting with fresh factory defaults. Let's see if it will work for you as a bare-bones setup and then you can add other configuration like encryption and ACLs back in later.
    Justin

  • Using the 1262 AP in Workgroup Bridge Mode

    Client has a building that is located 300 ft apart and would like to provide IP communications for 3-4 IP handsets back to an IP PBX. They do not want to dig up the parking lot so we proposed using a wireless bridge. I noticed that Cisco discontinued the 1300 and 1400 Wireless Bridge. Can I use a 1262 with external antenna in Workgroup Bridge mode to perform this function? I will put a Layer 3 switch on both ends to route traffic (3560C-8). Should I use the Yagi antennas for outdoor use? Thanks!

    You could go WGB, but root/non-root might work better. This will allow you to pass multiple VLANs across the link.
    This is a bit old, but it's the Bridge Range utility
    http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps458/prod_technical_reference09186a00800a912a.xls
    HTH,
    Steve

  • Unreachable devices report

    Hi,
    I noticed in Cisco Prime 4.2 when we try to look for devices that are unreachable, we went to Reports>Inventory>Management Status>Unreachable Devices, but the devices indicated there are currently Up. We have another Cisco Prime Demo server not connected to the production network; it is monitoring another set of devices. We went to the Unreachable Devices report from the Demo server but this time it shows no Unreachable Devices, although currently 2 devices were disconnected from the network. How come this report is unreliable? Do you know a report tool from Cisco Prime 4.2 that is accurate aside from the Event Monitor?
    Thanks in advance for the help.

    Hi Benjo,
    Yes, it is completely different from them; with the poller you are polling devices with different OIDs in the background.
    For e.g. in the device availability it is using sysuptime ...etc
    check the below link:
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/lms_monitor/mnt-perf.html#wp1542387
    Thanks-
    Afroj

  • Previews open behind the main Bridge window

    When I open a preview in Bridge CS6 in Win7x64 using the spacebar, it appears that nothing has happened.  However the preview has opened behind the main Bridge window, so I have to move the main window to see it.  After that, it seems to then work normally.
    Any suggestions for rectifying this?

    Turning spring-loaded folders off and then back on in Finder preferences seems to have fixed this.
