Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1767
Views
0
Helpful
3
Comments

1602 Aironet AP - connecting wireless extender in bridge mode

smajko
Level 1
Level 1

‎01-25-2020 08:39 AM - edited ‎11-18-2020 03:13 AM

I have:

Product/Model Number : AIR-SAP1602I-E-K9

with

Cisco IOS Software, C1600 Software (AP1G2-K9W7-M), Version 15.3(3)JC, RELEASE SOFTWARE (fc1)

I need to have internet access via eth in a deep place of my basement. So I bought a small thing called wifi extender - Netis E1+ This small thing connects to my cisco AP via wifi but allows other devices connect to it via eth or the same wifi (so extending it) and give internet access to them. This device works in kind of a bridge mode which seems to be an issue to the AP and I dont know why. It gets the IP from cisco AP but all devices connected to extender via wifi or eth are not getting the IPs. I believe this kind of setup is not something uncommon. I have checked that this wifi extender works OK when using other (non cisco AP) wifi so the problem is with the setup of cisco ap. Maybe someone has an idea how to fix this? Below is my config extract, I tried all of SSIDs from there:

 

Building configuration...

Current configuration : 4890 bytes
!
! No configuration change since last restart
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
!
logging rate-limit console 9
!
no ip source-route
no ip cef
!
!
!
!
dot11 syslog
dot11 vlan-name guests vlan 3
dot11 vlan-name kids vlan 2
dot11 vlan-name sma vlan 1
!
dot11 ssid sma
vlan 1
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 ***
!
dot11 ssid sma_guests
vlan 3
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 ***
!
dot11 ssid sma_kids
vlan 2
rate-limit tcp input data-rate 1000 burst-size 1000
rate-limit tcp output data-rate 1000 burst-size 1000
rate-limit udp input data-rate 1000 burst-size 1000
rate-limit udp output data-rate 1000 burst-size 1000
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 ***
!
!
!
no ipv6 cef
bridge irb
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers aes-ccm
!
encryption vlan 3 mode ciphers aes-ccm
!
ssid sma
!
ssid sma_guests
!
ssid sma_kids
!
antenna gain 0
stbc
beamform ofdm
mbssid
no preamble-short
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.3
encapsulation dot1Q 3
ip access-group only_internet_ACL in
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
!
encryption mode ciphers aes-ccm
!
encryption vlan 1 mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers aes-ccm
!
encryption vlan 3 mode ciphers aes-ccm
!
ssid sma
!
ssid sma_guests
!
ssid sma_kids
!
antenna gain 0
peakdetect
no dfs band block
stbc
mbssid
channel width 40-below
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.3
encapsulation dot1Q 3
ip access-group only_internet_ACL in
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
mac-address ***
ip address 192.168.8.96 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.8.1
ip forward-protocol nd
ip access-list extended only_internet_ACL

!
bridge 1 route ip
!

end

0 Helpful
Comments
Scott Fella
Hall of Fame
Hall of Fame
‎01-25-2020 09:08 AM
I don’t think that is supported with autonomous AP’s. There is a feature called workgroup bridge wishing is another Cisco so that connects to another Cisco AP or doing bridge to bridge. The reason other devices work is because the ap doesn’t support multiple MAC address behind an existing connection. With a wlc, you would enable a feature called passive client and that will alllow more than one MAC address. See if the configuration guide has passive client and enable that.
smajko
Level 1
Level 1
‎01-25-2020 01:22 PM

Hey Scott, thanks for reply. I dont see this 'passive client' option in configuration guide for this AP. I am suprised there is no other workaround for this (without wlc) as these 'extenders' are pretty common nowadays... For now I have an old router with tomato which I have set up as a wifi client and it does nat for the end eth device. The good thing is that end device has internet access, whats not so good its behind (another) nat, plus the router is not so small as the extender...

Scott Fella
Hall of Fame
Hall of Fame
‎01-25-2020 05:01 PM
Here is my opinion. If you really need coverage and don’t want to spend money on some enterprise gear, look at Orbi, Ubiquity or Google WiFi mesh products. Since I work in the field, I do have equipment that is overkill for home use, but it works for me. You have to look at what the product is meant to function as. Just because other home use products work, it’s because they were meant to be used that way. The Cisco AP’s are meant for enterprise and SMB where you have cabling to each ap. Why don’t they support that or have a feature to do that, I don’t know, but they never had and since autonomous is going away in favor of IOS-XE, that feature will probably never happen.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents